# Azure DevOps Connect your private Azure DevOps repository to Valohai using SSH authentication. Unlike GitHub and GitLab, Azure DevOps uses user-level SSH keys rather than repository-level deploy keys. ## Requirements * A private Azure DevOps repository * A Valohai project * Access to your Azure DevOps account settings ## Overview You'll complete three steps: 1. Generate an SSH key pair (in Valohai) 2. Add the public key to your Azure DevOps user account 3. Add the private key to Valohai ## Step 1: Generate SSH Key Pair The easiest way is to generate the key pair directly in Valohai. **In Valohai:** 1. Open your project 2. Go to **Settings** → **Repository** 3. Click **Generate SSH Key** 4. Download or copy both keys: * `valohai-public_xxx.pub` (public key) * `valohai-private_xxx.pem` (private key) Keep these files handy—you'll need them in the next steps. ### Alternative: Generate Locally If you prefer, generate keys on your local machine: ```shell ssh-keygen -t rsa -b 4096 -f valohai-deploy-key ``` This creates: * `valohai-deploy-key.pub` – Public key for Azure DevOps * `valohai-deploy-key` – Private key for Valohai > :bulb: **Don't commit these keys to Git.** Anyone with the private key can access your repository. ## Step 2: Add Public Key to Azure DevOps Azure DevOps uses user-level SSH keys, not repository-level deploy keys. **Navigate to SSH public keys:** 1. Go to Azure DevOps 2. Click your **profile icon** (top right) 3. Go to **User settings** → **SSH Public Keys**

**Add the public key:** 1. Click **New Key** 2. **Name:** `Valohai` (or any descriptive name) 3. **Public Key Data:** Paste the entire contents of the `.pub` file * Should start with `ssh-rsa AAAA...` 4. Click **Save**

## Step 3: Add Private Key to Valohai Now connect the repository in Valohai. **Get your SSH repository URL from Azure DevOps:** 1. Go to your Azure DevOps project 2. Click **Repos** → **Files** 3. Click **Clone** (top right) 4. Select **SSH** (not HTTPS) 5. Copy the URL (format: `git@ssh.dev.azure.com:v3/org/project/repository`) **In Valohai:** 1. Go to **Settings** → **Repository** 2. Paste the SSH URL into the **URL** field: ``` git@ssh.dev.azure.com:v3/org/project/repository ``` 3. Paste the **entire contents** of the private key file into **SSH private key**: * Should start with `-----BEGIN RSA PRIVATE KEY-----` * Include all lines, including the header and footer 4. Click **Save**

Valohai will immediately attempt to fetch your repository. If successful, you'll see your commits in the execution dialog. ## Verify Connection Test that everything works: 1. Go to **Executions** → **Create Execution** 2. The **Commit** dropdown should show your commits 3. If not, click **Fetch Repository** in settings ## Keep Code Updated After pushing new commits to Azure DevOps, update Valohai: 1. Go to **Settings** → **Repository** 2. Click **Fetch Repository** **Automate with webhooks** (coming soon). ## Important Differences from Other Git Providers **User-level keys, not deploy keys:** * Azure DevOps doesn't support repository-specific deploy keys * The SSH key has access to all repos your user account can read * For production, create a dedicated service account **SSH URL format:** ``` git@ssh.dev.azure.com:v3/// ``` Not the standard `git@provider.com:username/repo.git` format. ## Using a Service Account (Recommended) For production environments, use a dedicated service account: 1. Create a new user in Azure DevOps (e.g., `valohai-service@company.com`) 2. Grant it **Reader** access to your repositories 3. Generate SSH keys for this account 4. Use these keys in Valohai This isolates Valohai access from personal accounts and makes key rotation easier. ## Troubleshooting **"Permission denied (publickey)"** * The public key wasn't added correctly to Azure DevOps * Make sure you copied the entire `.pub` file contents * Verify the SSH key shows in your user settings **"Repository not found"** * Check the repository URL format (should be `git@ssh.dev.azure.com:v3/...`) * Ensure you selected **SSH** (not HTTPS) when copying the URL * Verify your user account has access to the repository **"Invalid private key format"** * Make sure you pasted the private key, not the public key * Include the header (`-----BEGIN RSA PRIVATE KEY-----`) and footer * Don't add extra spaces or line breaks **"My commits don't appear"** * Click **Fetch Repository** after pushing new commits * Check if you're on the correct branch * Use [Manage Commits](https://docs.valohai.com/git-integration/manage-commits) to unhide old commits **"Key has access to too many repos"** * Create a service account with limited repository access * Grant the service account only the repos needed for Valohai ## Security Best Practices **Use a service account** * Don't use your personal Azure DevOps account * Create a dedicated user for Valohai with minimal permissions * This isolates access and simplifies key rotation **Grant minimal permissions** * Service account only needs **Reader** (read-only) access * Don't grant **Contributor** or higher **Rotate keys periodically** * Generate new keys every 6-12 months * Delete old SSH keys from Azure DevOps **Monitor key usage** * Azure DevOps logs SSH key usage * Review logs periodically for unexpected activity ## Next Steps * [Use .vhignore](https://docs.valohai.com/git-integration/use-vhignore) to exclude large files * [Manage Commits](https://docs.valohai.com/git-integration/manage-commits) to organize visible commits * [Git Submodules](https://docs.valohai.com/git-integration/advanced-topics/submodules) for accessing multiple repos