Azure Devops: Credentials error with deploy of Static Web Site to Azure Blob Storage

569 views Asked by At

Tasks are delete the blob storage then upload the built Jekyll site. Output

Error Code: [1]
Error: Azure login failed
Script failed with error: Get Token request returned http error: 401 and server response: {"error":"invalid_client","error_description":"AADSTS7000222: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app, or consider using certificate credentials for added security: 
...
...
,"error_uri":"https://login.microsoftonline.com/error?code=7000222"

Issue probably to overcome is that the account in Azure Devops existed as an Azure Subscription. The actual subscription used for the blob storage is different to that but the Devops login did have access to it. But now the Devops Azure subscription has expired, but I can still log into Azure with that account (and Azure Devops still works with it).

I have tried regenerating the storage key. I have tried adding the key to the delete and upload storage commmands:

az storage blob delete-batch --source $(containerName) --account-name $(storageAccount) --output table 
az storage blob upload-batch --source _site --destination $(containerName) --account-name $(storageAccount) --output table --no-progress
1

There are 1 answers

0
David Jones On

Finally solved my problem: Had to create a new (Service Connection ((Project Settings) - Pipelines/Service Connection) for the Pipeline, Azure Resource Manger type, Service Principal (Auto), with the new credentials, make sure the secret is renewed with this. Do a [Verify] Then select that for the two tasks.

I have posted a detailed how-to blog for this: https://davidjones.sportronics.com.au/web/Azure_Devops-Blob_Storage_Credentials-mm-web.html