Quickstart: Create and configure a dev center for Azure Deployment Environments

This quickstart shows you how to create and configure a dev center in Azure Deployment Environments.

A platform engineering team typically sets up a dev center, attaches external catalogs to the dev center, creates projects, and provides access to development teams. Development teams create environments by using environment definitions, connect to individual resources, and deploy applications. To learn more about the components of Azure Deployment Environments, see Key concepts for Azure Deployment Environments.

The following diagram shows the steps you perform in this quickstart to configure a dev center for Azure Deployment Environments in the Azure portal.

Diagram showing the stages required to configure a dev center for Deployment Environments.

First, you create a dev center to organize your deployment environments resources. Next, you create a key vault to store the GitHub personal access token (PAT) that is used to grant Azure access to your GitHub repository. Then, you attach an identity to the dev center and assign that identity access to the key vault. Then, you add a catalog that stores your IaC templates to the dev center. Finally, you create environment types to define the types of environments that development teams can create.

The following diagram shows the steps you perform in the Create and configure a project quickstart to configure a project associated with a dev center for Deployment Environments.

Diagram showing the stages required to configure a project for Deployment Environments.

You need to perform the steps in both quickstarts before you can create a deployment environment.

Prerequisites

  • An Azure account with an active subscription. Create an account for free.
  • Azure role-based access control role with permissions to create and manage resources in the subscription, such as Contributor or Owner.

Create a dev center

To create and configure a dev center in Azure Deployment Environments by using the Azure portal:

  1. Sign in to the Azure portal.

  2. Search for Azure Deployment Environments, and then select the service in the results.

  3. In Dev centers, select Create.

    Screenshot that shows how to create a dev center in Azure Deployment Environments.

  4. In Create a dev center, on the Basics tab, select or enter the following information:

    Name | Value
    Subscription | Select the subscription in which you want to create the dev center.
    Resource group | Either use an existing resource group or select Create new and enter a name for the resource group.
    Name | Enter a name for the dev center.
    Location | Select the location or region where you want to create the dev center.

  5. Select Review + Create.

  6. On the Review tab, wait for deployment validation, and then select Create.

    Screenshot that shows the Review tab of a dev center to validate the deployment details.

  7. You can check the progress of the deployment in your Azure portal notifications.

    Screenshot that shows portal notifications to confirm the creation of a dev center.

  8. When the creation of the dev center is complete, select Go to resource.

  9. In Dev centers, verify that the dev center appears.

    Screenshot that shows the Dev centers overview, to confirm that the dev center is created.

Create a Key Vault

You need an Azure Key Vault to store the GitHub personal access token (PAT) that is used to grant Azure access to your GitHub repository. Key Vaults can control access with either access policies or role-based access control (RBAC). If you have an existing key vault, you can use it, but you should check whether it uses access policies or RBAC assignments to control access. In this quickstart, you create an RBAC Key Vault. For help with configuring an access policy for a key vault, see Assign a Key Vault access policy.

If you don't have an existing key vault, use the following steps to create one:

  1. Sign in to the Azure portal.

  2. In the Search box, enter Key Vault.

  3. From the results list, select Key Vault.

  4. On the Key Vault page, select Create.

  5. On the Create key vault tab, provide the following information:

    Name | Value
    Name | Enter a name for the key vault.
    Subscription | Select the subscription in which you want to create the key vault.
    Resource group | Either use an existing resource group or select Create new and enter a name for the resource group.
    Location | Select the location or region where you want to create the key vault.

    Leave the other options at their defaults.

  6. On the Access configuration tab, select Azure role-based access control, and then select Review + create.

  7. On the Review + create tab, select Create.

Create a personal access token

Using an authentication token like a GitHub PAT enables you to share your repository securely. GitHub offers classic PATs and fine-grained PATs. Both fine-grained and classic PATs work with Azure Deployment Environments, but fine-grained tokens give you more granular control over the repositories to which you're allowing access.

Tip

If you are attaching an Azure DevOps repository, use these steps: Create a personal access token in Azure DevOps.

  1. In a new browser tab, sign in to your GitHub account.

  2. On your profile menu, select Settings.

  3. On your account page, on the left menu, select Developer settings.

  4. On the Developer settings page, select Fine-grained tokens.

    Screenshot that shows the GitHub Fine-grained tokens option.

  5. On the Fine-grained personal access tokens page, select Generate new token.

    Screenshot showing the GitHub Fine-grained personal access tokens page with Generate new token highlighted.

  6. On the New fine-grained personal access token page, provide the following information:

    Name | Value
    Token name | Enter a descriptive name for the token.
    Expiration | Select the token expiration period in days.
    Description | Enter a description for the token.
    Repository access | Select Public Repositories (read-only).

    Leave the other options at their defaults.

    Screenshot showing the GitHub New fine-grained personal access token page.

  7. Select Generate token.

  8. On the Fine-grained personal access tokens page, copy the new token.

    Screenshot that shows the new GitHub token with the copy button highlighted.

    Warning

    You must copy the token now. You will not be able to access it again.

  9. Switch back to the Key Vault – Microsoft Azure browser tab.

  10. In the Key Vault, on the left menu, select Secrets.

  11. On the Secrets page, select Generate/Import.

    Screenshot that shows the key vault Secrets page with the generate/import button highlighted.

  12. On the Create a secret page:

    • In the Name box, enter a descriptive name for your secret.
    • In the Secret value box, paste the GitHub secret you copied in step 7.

    Screenshot that shows the Create a secret page with the Name and Secret value text boxes highlighted.

    • Select Create.

  13. Leave this tab open; you need to come back to the key vault later.

Attach an identity to the dev center

After you create a dev center, attach an identity to the dev center. You can attach either a system-assigned managed identity or a user-assigned managed identity. Learn about the two types of identities.

In this quickstart, you configure a system-assigned managed identity for your dev center.

Attach a system-assigned managed identity

To attach a system-assigned managed identity to your dev center:

  1. In Dev centers, select your dev center.

  2. In the left menu under Settings, select Identity.

  3. Under System assigned, set Status to On, and then select Save.

    Screenshot that shows a system-assigned managed identity.

  4. In the Enable system assigned managed identity dialog, select Yes.

Assign the system-assigned managed identity access to the key vault secret

Make sure that the identity has access to the key vault secret that contains the personal access token to access your repository. Key vaults support two methods of access: Azure role-based access control (RBAC) or vault access policy. In this quickstart, you use an RBAC key vault.

Configure vault access:

  1. In the Azure portal, go to the key vault that contains the secret with the personal access token.

  2. In the left menu, select Access control (IAM).

  3. Select Add > Add role assignment.

  4. Assign the following role. For detailed steps, see Assign Azure roles using the Azure portal.

    Setting | Value
    Role | Select Key Vault Secrets User.
    Assign access to | Select Managed identity.
    Members | Select the dev center managed identity that you created in Attach a system-assigned managed identity.

Add a catalog to the dev center

Azure Deployment Environments supports attaching Azure DevOps repositories and GitHub repositories. You can store a set of curated IaC templates in a repository. Attaching the repository to a dev center as a catalog gives your development teams access to the templates and enables them to quickly create consistent environments.

In this quickstart, you attach a GitHub repository that contains samples created and maintained by the Azure Deployment Environments team.

To add a catalog to your dev center, you first need to gather some information.

Gather GitHub repo information

To add a catalog, you must specify the GitHub repo URL, the branch, and the folder that contains your environment definitions. You can gather this information before you begin the process of adding the catalog to the dev center, and paste it somewhere accessible, like Notepad.

Tip

If you are attaching an Azure DevOps repository, use these steps: Get the clone URL of an Azure DevOps repository.

  1. On your GitHub account page, select <> Code, and then select copy.

  2. Take a note of the branch that you're working in.

  3. Take a note of the folder that contains your environment definitions.

    Screenshot that shows the GitHub repo with Code, branch, and folder highlighted.

Gather the secret identifier

You also need the path to the secret you created in the key vault.

  1. In the Azure portal, navigate to your key vault.

  2. On the key vault page, from the left menu, select Secrets.

  3. On the Secrets page, select the secret you created earlier.

    Screenshot that shows the list of secrets in the key vault with one highlighted.

  4. On the versions page, select the CURRENT VERSION.

    Screenshot that shows the current version of the selected secret.

  5. On the current version page, for the Secret identifier, select copy.

    Screenshot that shows the details of the current version of the selected secret with the secret identifier copy button highlighted.

Add a catalog to your dev center

  1. Navigate to your dev center.

  2. In the left menu under Environment configuration, select Catalogs, and then select Add.

    Screenshot that shows the Catalogs pane.

  3. In Add catalog, enter the following information, and then select Add:

    Field | Value
    Name | Enter a name for the catalog.
    Git clone URI | Enter or paste the clone URL for either your GitHub repository or your Azure DevOps repository. Sample catalog example: https://github.com/Azure/deployment-environments.git
    Branch | Enter the repository branch to connect to. Sample catalog example: main
    Folder path | Enter the folder path relative to the clone URI that contains subfolders that hold your environment definitions. The folder path is for the folder with subfolders containing environment definition manifests, not for the folder with the environment definition manifest itself. The following image shows the sample catalog folder structure. Sample catalog example: /Environments. Screenshot showing Environments sample folder in GitHub. The folder path can begin with or without a forward slash (/).
    Secret identifier | Enter the secret identifier that contains your personal access token for the repository. When you copy a secret identifier, the connection string includes a version identifier at the end, like in this example: https://contoso-kv.vault.azure.net/secrets/GitHub-repo-pat/9376b432b72441a1b9e795695708ea5a. Removing the version identifier ensures that Deployment Environments fetches the latest version of the secret from the key vault. If your personal access token expires, only the key vault needs to be updated. Example secret identifier: https://contoso-kv.vault.azure.net/secrets/GitHub-repo-pat

    Screenshot that shows how to add a catalog to a dev center.

  4. In Catalogs for the dev center, verify that your catalog appears. If the connection is successful, Status is Connected.
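
A pre-flight check for the Add catalog fields described above, as an added example that is not part of the original quickstart or Microsoft's code: it splits a Key Vault secret identifier into its versionless form and version, and flags a pinned version or credentials embedded in the clone URI. The function names, the `..` folder check, and the `.vault.azure.net` host suffix check are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Assumption: public-cloud vault hosts end in .vault.azure.net (as in the page's example).
VAULT_SUFFIX = ".vault.azure.net"


def split_secret_id(secret_id):
    """Return (versionless identifier, version or None); raise ValueError if malformed."""
    parts = urlsplit(secret_id.strip())
    host = parts.hostname or ""
    if parts.scheme != "https" or not host.endswith(VAULT_SUFFIX):
        raise ValueError("not an https Key Vault URL")
    if parts.username or parts.query or parts.fragment:
        raise ValueError("unexpected userinfo, query or fragment")
    segments = [s for s in parts.path.split("/") if s]
    # Expected path: /secrets/<name> or /secrets/<name>/<version>
    if len(segments) not in (2, 3) or segments[0] != "secrets":
        raise ValueError("path must be /secrets/<name>[/<version>]")
    version = segments[2] if len(segments) == 3 else None
    return f"https://{host}/secrets/{segments[1]}", version


def lint_catalog(clone_uri, folder, secret_id):
    """Return a list of findings for the Add catalog fields (hypothetical helper)."""
    findings = []
    uri = urlsplit(clone_uri)
    if uri.scheme != "https":
        findings.append("clone URI is not https")
    if uri.username or uri.password:
        findings.append("clone URI embeds credentials; keep the PAT in Key Vault")
    if ".." in folder.split("/"):
        findings.append("folder path contains '..'")
    try:
        _, version = split_secret_id(secret_id)
        if version is not None:
            findings.append("secret identifier is pinned to a version")
    except ValueError as err:
        findings.append(f"secret identifier rejected: {err}")
    return findings


if __name__ == "__main__":
    # Values from the quickstart's sample catalog and example secret identifier.
    pinned = "https://contoso-kv.vault.azure.net/secrets/GitHub-repo-pat/9376b432b72441a1b9e795695708ea5a"
    print(split_secret_id(pinned)[0])
    print(lint_catalog("https://github.com/Azure/deployment-environments.git",
                       "/Environments", pinned))
```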

Create an environment type

Use an environment type to help you define the different types of environments your development teams can deploy. You can apply different settings for each environment type.

  1. In the Azure portal, go to Azure Deployment Environments.

  2. In Dev centers, select your dev center.

  3. In the left menu under Environment configuration, select Environment types, and then select Create.

  4. In Create environment type, enter the following information, and then select Add.

    Name | Value
    Name | Enter a name for the environment type.
    Tags | Enter a tag name and a tag value.

    Screenshot that shows the Create environment type pane.

  5. Confirm that the environment type is added by checking your Azure portal notifications.

An environment type that you add to your dev center is available in each project in the dev center, but environment types aren't enabled by default. When you enable an environment type at the project level, the environment type determines the managed identity and subscription that are used to deploy environments.

Next steps

In this quickstart, you created a dev center and configured it with an identity, a catalog, and an environment type. To learn how to create and configure a project, advance to the next quickstart.