I was implementing Packer at a client of mine and I stumbled upon a new authentication type for Packer. You can pass the Azure CLI logon to Packer. This has the advantage that you don’t need to manage credentials for your Packer pipeline in Azure DevOps to run on Microsoft Azure.
I was skeptical at first because the documentation doesn’t mention this. But the client sent me the code and I found the authentication option.
Of course, this only applies to Microsoft Azure and Azure DevOps pipelines that use Packer to build images.
Prerequisites
You need to set up a Packer pipeline with Azure DevOps. I wrote a blog about it. You can find it here:
Setup Packer Azure CLI Authentication
You need to do 2 things. Edit the Packer file and edit the YAML (pipeline) file.
Firstly, the Packer file. I assume you currently use a client and secret to authenticate (since you used my blog to set it up, LOL).
Go to your Packer file and remove these variables:
After that, also remove them from the “source” part of the packer file:
Lastly, add this code to the “source” part of the packer file:
That is the Packer file. Next is the YAML (pipeline) file. It all depends on how you pass these parameters to your Packer instance. This could be a parameter file, a PowerShell script, or directly in the Packer file. Either way, remove these references, for example:
In addition, you need to run your Packer deployment through the Azure CLI task within Azure DevOps for this to work:
That’s it! That is how you can use Packer Azure CLI authentication without specifying credentials.
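As an added illustration of the steps above (not the code from the original post): a minimal Packer HCL template that uses the azure-arm builder's `use_azure_cli_auth` option instead of a client ID and secret. The source name, image name, resource group, region, VM size and base image are constructed placeholders.

```hcl
# Added example; every name and value below is a constructed placeholder.
packer {
  required_plugins {
    azure = {
      source  = "github.com/hashicorp/azure"
      version = ">= 2.0.0"
    }
  }
}

# Before (assumed shape of the old template): the service principal was
# declared as variables and wired into the source block, e.g.
#   variable "client_id"     { type = string }
#   variable "client_secret" { type = string }
#   ...
#   client_id     = var.client_id
#   client_secret = var.client_secret
# Those variables and attributes are removed entirely.

source "azure-arm" "image" {
  # After: reuse the identity of the active `az login` session.
  # The tenant and subscription are taken from that session, so no
  # secret has to be stored in or passed through the pipeline.
  use_azure_cli_auth = true

  # Where the finished image is stored.
  managed_image_name                = "example-image"
  managed_image_resource_group_name = "rg-example-images"

  # Temporary build VM.
  location = "westeurope"
  vm_size  = "Standard_D2s_v3"

  # Base image.
  os_type         = "Linux"
  image_publisher = "Canonical"
  image_offer     = "0001-com-ubuntu-server-jammy"
  image_sku       = "22_04-lts"
}

build {
  # Must be built from a shell that already has an az session,
  # which is what the Azure CLI task in the pipeline provides.
  sources = ["source.azure-arm.image"]
}
```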
Furthermore, if you use federated credentials to create your Service Connection in Azure DevOps, you don’t need to manage credentials at all! Read about it here: