Skip to content
LoginGet Started

CI CD Azure DevOps

Azure DevOps Pipelines with CloudTruth

August 31, 2022

When you're working with the CloudTruth CLI, you'll most likely want a way to automate the process unless you're testing something specific on your local terminal. To create repeatable processes with the CloudTruth CLI, you can combine it with any CICD platform.

This blog post will teach you how to use CloudTruth to inject config into Azure DevOps pipelines.


Before getting started, ensure that you have the following:

  • A CloudTruth API key
  • An Azure DevOps project

You can generate the CloudTruth API key under Organization —> Access Control —> API Tokens.

Azure DevOps Secrets 1

If you don't already have an Azure DevOps organization to use, you can go to and create a new project from the home screen.

Azure DevOps Secrets 2

Getting Started

Let's dive into configuring a pipeline and utilizing CloudTruth.

First, log into Azure DevOps and go to your Project.

Azure DevOps Secrets 3

Under the Pipelines category, click on Pipelines.

Azure DevOps Secrets 4

Click the blue New pipeline button.

Azure DevOps Secrets 5

Choose where you want your repository to come from. Regardless of which option you choose, the steps in this blog post stay the same. If you aren't already authenticated to one of the source control options, you'll have to authenticate.

Azure DevOps Secrets 6

For the pipeline option, choose Starter pipeline.

Azure DevOps Secrets 7

You'll now see sample code on your YAML pipeline that echos a "Hello World.

Azure DevOps Secrets 8

Replace the sample code with the following pipeline, which does the following:

  • Triggers the pipeline for the main branch.
Uses the ubuntu-latest container image to run the pipeline (managed by Azure DevOps).
Uses two steps which:
  • Installs the CloudTruth CLI.
  • Uses the CloudTruth CLI to get a list of projects.

- main

vmImage: ubuntu-latest

- script: |
CLOUDTRUTH_CLI_VERSION=$(curl --silent "" | grep "tag_name" | sed -E 's/.*"([^"]+)".*/\1/')
sudo dpkg -i cloudtruth_${CLOUDTRUTH_CLI_VERSION}_amd64.deb
displayName: 'Install CloudTruth CLI'

- script: |
cloudtruth --api-key $(CTAPI) projects list
displayName: 'Get a list of projects'

On line 15 of the code above, you'll see two things:

  • The projects list command itself, which you can change to any CloudTruth CLI command as long as the API key you're using has access.
  • An environment variable called upon for the API token. The environment variable is $(CTAPI).

To use that variable, you'll have to create it in the pipeline. Click the Variables button as shown in the screenshot below.

Azure DevOps Secrets 9

Click the blue New variable button.

Azure DevOps Secrets 10

Give your variable a name, which can be any name, but ensure that you use the proper environment variable name in your pipeline. Also, make sure that the variable is a secret so it's encrypted.

Once complete, click the blue OK button.

Azure DevOps Secrets 11

Click the blue Save button to save the variable.

Azure DevOps Secrets 12

With the pipeline YAML created and the secret variable created, you're now ready to run the pipeline.

Click the blue Save and run button.

Azure DevOps Secrets 13

You should now see the pipeline queued up.

Azure DevOps Secrets 14Click the Job and once complete, you'll see output containing the list of the CloudTruth projects in your CloudTruth org.

Azure DevOps Secrets 15

Congrats! You have successfully configured CloudTruth and Azure DevOps.

Here's a screencast 


Join ‘The Pipeline’

Our bite-sized newsletter with DevSecOps industry tips and security alerts to increase pipeline velocity and system security.

Subscribe For Free

Continue exploring

Browse All Talks

Continue Reading