How do I authenticate an Azure Repos service connection with another principal than a personal principal?
I have struggled with this question myself on the company I work. We had the same issue with different projects and organizations and source control templates. As you cannot interact with Azure devops Repos through different organizations without the PAT, we got the decision to have a central Github repository and store all the files there.
As you mentioned the PAT is linked with the person that creates it. You could also create a new user on the azure active directory for devops purposes and use this one but the Github solution could be better.
Our approach:
We created a connection with Github from a project and the linked app appeared on Github Applications.
This way you will have a service connection on every project of your organization of type Github (using azure pipelines app)
Then you will use this service connection to download code across your organizations but you should keep your source control on Github.
Code example:
resources:
repositories:
- repository: devops
type: github
name: ORG/DevOps
ref: azure-devops-dev
endpoint: MyConnectionWithGithubApp