I'm working with a Azure DevOps repository, and I have a question but I cannot find any information about if it's possible.
I want to have a server who auto-check and auto-deploy some web changes. For this, I'll be using cron with git pull.
The question are, ¿How can I authorize the server to do a git pull, but only with permission on the repository who have the information? I understand leaving a SSH key on a server can be risky, or a hard-coded token. That's because I want the server to have a authentication method to the repository who only have permission on these repository and not all of them (I have more than 10 repositories on devops).
I know a method is to have a user who can login on DevOps with permission only on these project. But I want some "more administrator-friendly" method.
NOTE: I don't know if it's possible or not, the question itself is a search of knowledge.
Thanks for the help.
You'll need to create an OAuth App and control its scopes or create a dedicated user in Azure DevOps to limit the security permissions of that user and generate a PAT for that.
The OAuth flow is quite a process, too much to capture in this answer.
Or use the Device Profile option.