In addition to using a Personal Access token (PAT), allow private artifact repo access using an identity provider e.g., AAD
The current model where an individual has to set up a personal access token to allow access to a private artifact repository works reasonably well.
However, as soon as the person who initially set up the access leaves the team or otherwise the team forgets how to set up this link, we find that we have to contact support and they have to remind us that we have to provide a new PAT for use when an artifact disappears
While we can have long-lived PATs up to two years in Azure DevOps, this isn't really a permanent solution because it requires some institutional knowledge of how things were set up
It would be ideal if (for Azure environments, for example) if there was a way to provide repo access via an Azure AD app or other secure mechanism that requires only a one-time setup
Thanks for your feedback.
We are currently investigating on ways to support MSI (Managed Service Identities) in Labs.
With a user defined MSI you bring to the lab, lab can use it while applying artifacts on VMs (ex. fetch a password for the domain join artifact)
Please share any feedback you have to help us make the feature better.