# Azure DevOps

Connect your private Azure DevOps repository to Valohai using SSH authentication. Unlike GitHub and GitLab, Azure DevOps uses user-level SSH keys rather than repository-level deploy keys.

## Requirements

* A private Azure DevOps repository
* A Valohai project
* Access to your Azure DevOps account settings

## Overview

You'll complete three steps:

1. Generate an SSH key pair (in Valohai)
2. Add the public key to your Azure DevOps user account
3. Add the private key to Valohai

## Step 1: Generate SSH Key Pair

The easiest way is to generate the key pair directly in Valohai.

**In Valohai:**

1. Open your project
2. Go to **Settings** → **Repository**
3. Click **Generate SSH Key**
4. Download or copy both keys:
   * `valohai-public_xxx.pub` (public key)
   * `valohai-private_xxx.pem` (private key)

Keep these files handy—you'll need them in the next steps.

### Alternative: Generate Locally

If you prefer, generate keys on your local machine:

```shell
ssh-keygen -t rsa -b 4096 -f valohai-deploy-key
```

This creates:

* `valohai-deploy-key.pub` – Public key for Azure DevOps
* `valohai-deploy-key` – Private key for Valohai

> :bulb: **Don't commit these keys to Git.** Anyone with the private key can access your repository.

## Step 2: Add Public Key to Azure DevOps

Azure DevOps uses user-level SSH keys, not repository-level deploy keys.

**Navigate to SSH public keys:**

1. Go to Azure DevOps
2. Click your **profile icon** (top right)
3. Go to **User settings** → **SSH Public Keys**

<figure><img src="/files/O20GEMaSrdvwdjwHaQRr" alt=""><figcaption></figcaption></figure>

**Add the public key:**

1. Click **New Key**
2. **Name:** `Valohai` (or any descriptive name)
3. **Public Key Data:** Paste the entire contents of the `.pub` file
   * Should start with `ssh-rsa AAAA...`
4. Click **Save**

<figure><img src="/files/X3vMmkmOsZugsqYSnjL3" alt=""><figcaption></figcaption></figure>

## Step 3: Add Private Key to Valohai

Now connect the repository in Valohai.

**Get your SSH repository URL from Azure DevOps:**

1. Go to your Azure DevOps project
2. Click **Repos** → **Files**
3. Click **Clone** (top right)
4. Select **SSH** (not HTTPS)
5. Copy the URL (format: `git@ssh.dev.azure.com:v3/org/project/repository`)

**In Valohai:**

1. Go to **Settings** → **Repository**
2. Paste the SSH URL into the **URL** field:

   ```
   git@ssh.dev.azure.com:v3/org/project/repository
   ```
3. Paste the **entire contents** of the private key file into **SSH private key**:
   * Should start with `-----BEGIN RSA PRIVATE KEY-----`
   * Include all lines, including the header and footer
4. Click **Save**

<figure><img src="/files/94xB7jLWEuiZN3jJkRfh" alt=""><figcaption></figcaption></figure>

Valohai will immediately attempt to fetch your repository. If successful, you'll see your commits in the execution dialog.

## Verify Connection

Test that everything works:

1. Go to **Executions** → **Create Execution**
2. The **Commit** dropdown should show your commits
3. If not, click **Fetch Repository** in settings

## Keep Code Updated

After pushing new commits to Azure DevOps, update Valohai:

1. Go to **Settings** → **Repository**
2. Click **Fetch Repository**

**Automate with webhooks** (coming soon).

## Important Differences from Other Git Providers

**User-level keys, not deploy keys:**

* Azure DevOps doesn't support repository-specific deploy keys
* The SSH key has access to all repos your user account can read
* For production, create a dedicated service account

**SSH URL format:**

```
git@ssh.dev.azure.com:v3/<organization>/<project>/<repository>
```

Not the standard `git@provider.com:username/repo.git` format.

## Using a Service Account (Recommended)

For production environments, use a dedicated service account:

1. Create a new user in Azure DevOps (e.g., `valohai-service@company.com`)
2. Grant it **Reader** access to your repositories
3. Generate SSH keys for this account
4. Use these keys in Valohai

This isolates Valohai access from personal accounts and makes key rotation easier.

## Troubleshooting

**"Permission denied (publickey)"**

* The public key wasn't added correctly to Azure DevOps
* Make sure you copied the entire `.pub` file contents
* Verify the SSH key shows in your user settings

**"Repository not found"**

* Check the repository URL format (should be `git@ssh.dev.azure.com:v3/...`)
* Ensure you selected **SSH** (not HTTPS) when copying the URL
* Verify your user account has access to the repository

**"Invalid private key format"**

* Make sure you pasted the private key, not the public key
* Include the header (`-----BEGIN RSA PRIVATE KEY-----`) and footer
* Don't add extra spaces or line breaks

**"My commits don't appear"**

* Click **Fetch Repository** after pushing new commits
* Check if you're on the correct branch
* Use [Manage Commits](/git-integration/manage-commits.md) to unhide old commits

**"Key has access to too many repos"**

* Create a service account with limited repository access
* Grant the service account only the repos needed for Valohai

## Security Best Practices

**Use a service account**

* Don't use your personal Azure DevOps account
* Create a dedicated user for Valohai with minimal permissions
* This isolates access and simplifies key rotation

**Grant minimal permissions**

* Service account only needs **Reader** (read-only) access
* Don't grant **Contributor** or higher

**Rotate keys periodically**

* Generate new keys every 6-12 months
* Delete old SSH keys from Azure DevOps

**Monitor key usage**

* Azure DevOps logs SSH key usage
* Review logs periodically for unexpected activity

## Next Steps

* [Use .vhignore](/git-integration/use-vhignore.md) to exclude large files
* [Manage Commits](/git-integration/manage-commits.md) to organize visible commits
* [Git Submodules](/git-integration/advanced-topics/submodules.md) for accessing multiple repos


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.valohai.com/git-integration/private-repositories/azure-devops.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.