There is no reason not to switch to Workload Identity Federation for Service Connections in Azure DevOps. Compared to secret-based connections, it offers several compelling benefits: Firstly, you eliminate the need for secrets. This means no more manual or automatic rotation of secrets, or worse, being caught off guard when secrets expire unnoticed. Secondly, it’s more secure. Secrets used across multiple projects and stored in key vaults or, even worse, in tools like OneNote, are far more susceptible to compromise than the new identity federation approach.

Using Azure Key Vault in a Pipeline is cool, but it is less secure. The Key Vault setup Have you tried the Key Vault Step in an Azure DevOps Pipeline? If you haven’t, please follow these awesome guides: Azure DevOps Labs. Using secrets from Azure Key Vault in a pipeline Tobias Zimmergren. Using Azure Key Vault Secrets in Azure DevOps pipelines The steps described in these guides are easy, but that effort made me think about the first pair of pros and cons.