Version: 2.1.1-preview

Add-MtMaesterAppFederatedCredential

SYNOPSIS

Adds a federated credential to a Maester application for GitHub Actions authentication.

SYNTAX

ById

Add-MtMaesterAppFederatedCredential -Id <String> [-GitHubOrganization <String>] [-GitHubRepository <String>]
 [-GitHubBranch <String>] [-Name <String>] [-SetGitHubSecrets] [-ProgressAction <ActionPreference>]
 [<CommonParameters>]

ByApplicationId

Add-MtMaesterAppFederatedCredential -AppId <String> [-GitHubOrganization <String>] [-GitHubRepository <String>]
 [-GitHubBranch <String>] [-Name <String>] [-SetGitHubSecrets] [-ProgressAction <ActionPreference>]
 [<CommonParameters>]

DESCRIPTION

Adds a federated credential (workload identity) to a Maester application to enable authentication from GitHub Actions workflows without using client secrets. The credential allows the specified GitHub repository and branch to authenticate as the application.

EXAMPLES

EXAMPLE 1

Add-MtMaesterAppFederatedCredential -AppId "12345678-1234-1234-1234-123456789012" -GitHubOrganization "myorg" -GitHubRepository "myrepo"

Adds a federated credential for the main branch of myorg/myrepo to the specified Maester app.

EXAMPLE 2

Add-MtMaesterAppFederatedCredential -Id "87654321-4321-4321-4321-210987654321" -GitHubOrganization "myorg" -GitHubRepository "myrepo" -Name "maester-develop"

Adds a federated credential for the develop branch with a custom name.

EXAMPLE 3

Add-MtMaesterAppFederatedCredential -AppId "12345678-1234-1234-1234-123456789012" -SetGitHubSecrets

Auto-detects the GitHub organization and repository from the current git remote, adds the federated credential, and pushes AZURE_CLIENT_ID / AZURE_TENANT_ID to the repo's Actions secrets via the GitHub CLI.

PARAMETERS

-Id

The Object ID of the Maester application to add the federated credential to.

Type: String
Parameter Sets: ById
Aliases: ObjectId

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AppId

The Application (Client) ID of the Maester application to add the federated credential to.

Type: String
Parameter Sets: ByApplicationId
Aliases: ClientId

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-GitHubOrganization

Your GitHub organization name or GitHub username. E.g. jasonf. If omitted (together with -GitHubRepository) the value is auto-detected from the local git remote ('origin') when the current directory is a git repo.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-GitHubRepository

The GitHub repository name (without the organization). E.g. maester-tests. If both -GitHubOrganization and -GitHubRepository are omitted and the current working directory is inside a git repository whose 'origin' remote points at GitHub, both values are auto-detected from git remote get-url origin. Specifying one without the other is not supported - either pass both explicitly, or pass neither and rely on auto-detection.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-GitHubBranch

The GitHub branch that can use this credential. Defaults to 'main'.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: Main
Accept pipeline input: False
Accept wildcard characters: False

-Name

The name for the federated credential. Defaults to 'maester-devops-<org>-<repo>'.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SetGitHubSecrets

If specified, sets the AZURE_CLIENT_ID and AZURE_TENANT_ID secrets on the target GitHub repository using the GitHub CLI (gh). Requires gh to be installed and authenticated (gh auth login). When the secrets cannot be set automatically the cmdlet falls back to printing the manual setup instructions.

Re-running the cmdlet with -SetGitHubSecrets against an app that already has a matching federated credential will skip the credential creation step and proceed directly to (re)setting the secrets.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-ProgressAction

Type: ActionPreference
Parameter Sets: (All)
Aliases: proga

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES

https://maester.dev/docs/commands/Add-MtMaesterAppFederatedCredential

SYNOPSIS​

SYNTAX​

ById​

ByApplicationId​

DESCRIPTION​

EXAMPLES​

EXAMPLE 1​

EXAMPLE 2​

EXAMPLE 3​

PARAMETERS​

-Id​

-AppId​

-GitHubOrganization​

-GitHubRepository​

-GitHubBranch​

-Name​

-SetGitHubSecrets​

-ProgressAction​

CommonParameters​

INPUTS​

OUTPUTS​

NOTES​

RELATED LINKS​