Azure Integration
Connect your Microsoft Azure subscription to Devpilot to provision and manage virtual machines for your deployments.
The Azure integration connects a Microsoft Azure subscription to your Devpilot workspace using a service principal. Once connected, Devpilot can provision virtual machines on your behalf, install the Devpilot agent on them, and manage their lifecycle.
Prerequisites
- An Azure subscription with an active billing account
- Permission to create an Azure AD service principal (Contributor on the subscription)
- An active Devpilot workspace
Required Credentials
Devpilot stores the following fields for an Azure integration:
| Field | Description |
|---|---|
| Subscription ID | The Azure subscription Devpilot should provision resources in. |
| Tenant ID | The Azure AD tenant that owns the service principal. |
| Client ID | The application (client) ID of the service principal. |
| Client Secret | The client secret generated for the service principal. |
| Region | Default Azure location for new resources (for example eastus, westeurope). |
Creating a Service Principal
Do not use your personal Azure credentials. Create a dedicated service principal so you can revoke the secret without impacting your own access.
Create an App Registration
In the Azure Portal, go to Azure Active Directory > App registrations > New registration. Name it devpilot-integration and register it.
Record IDs
From the app's Overview page copy the Application (client) ID and Directory (tenant) ID. These become the Client ID and Tenant ID fields in Devpilot.
Create a Client Secret
Open Certificates & secrets > Client secrets > New client secret. Set an appropriate expiry and copy the generated value immediately — it is shown only once.
Grant the Subscription Role
Open your target subscription under Subscriptions and navigate to Access control (IAM) > Add role assignment. Assign the Contributor role to the service principal you just created.
Connect Azure in Devpilot
Go to Workspace Settings > Integrations > Connect on the Azure card. Enter the Subscription ID, Tenant ID, Client ID, Client Secret, and default region.
Validate and Save
Devpilot validates the credentials against Azure before saving. If validation fails, check that the client secret has not expired and that the role assignment on the subscription is in place.
What Devpilot Does on Azure
When you provision a server, Devpilot:
- Creates a resource group and network resources for the VM
- Launches a virtual machine using your chosen size and image
- Generates an SSH key pair for the VM
- Configures a network security group for the required inbound ports
- Installs the Devpilot agent on the new VM
Testing and Rotating Credentials
Open the Azure integration and select Test Credentials to re-run validation. To rotate the client secret, create a new secret in the Azure app registration, update the integration in Devpilot, and delete the old secret once Devpilot confirms the new one works.
Set calendar reminders for your Azure client secret expiry date. Azure does not warn Devpilot when a secret is about to expire — the integration will simply start failing on the expiry date.
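The expiry and rotation checks above can be scripted instead of left to a calendar. This added example, which is not part of Devpilot or its documentation, classifies an app registration's client secrets from the JSON that `az ad app credential list` returns and lists unexpired secrets left over after a rotation. The sample JSON is constructed, and treating the most recently created secret as the one Devpilot uses is an assumption.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `az ad app credential list --id <app-id>` output
# (Microsoft Graph passwordCredential fields); key IDs and names are made up.
SAMPLE = """[
 {"keyId": "00000000-0000-0000-0000-000000000001", "displayName": "devpilot-2024",
  "startDateTime": "2024-05-20T00:00:00Z", "endDateTime": "2025-05-20T00:00:00Z"},
 {"keyId": "00000000-0000-0000-0000-000000000002", "displayName": "devpilot-2025a",
  "startDateTime": "2024-12-15T08:30:00Z", "endDateTime": "2025-06-15T08:30:00.1234567Z"},
 {"keyId": "00000000-0000-0000-0000-000000000003", "displayName": "devpilot-2025b",
  "startDateTime": "2025-05-25T00:00:00Z", "endDateTime": "2026-06-01T00:00:00Z"}
]"""

def parse_graph_time(value):
    """Parse a UTC Graph timestamp; fractional seconds (up to 7 digits) are dropped."""
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def classify_secrets(credentials_json, now, warn_days=30):
    """Label each client secret expired / expiring / ok, sorted by expiry date."""
    report = []
    for cred in json.loads(credentials_json):
        start = parse_graph_time(cred["startDateTime"])
        end = parse_graph_time(cred["endDateTime"])
        if end <= now:
            status = "expired"
        elif end - now <= timedelta(days=warn_days):
            status = "expiring"
        else:
            status = "ok"
        report.append({"keyId": cred["keyId"], "name": cred.get("displayName"),
                       "status": status, "days_left": (end - now).days,
                       "start": start, "end": end})
    return sorted(report, key=lambda r: r["end"])

def leftover_after_rotation(report):
    """Unexpired secrets other than the newest one: candidates to delete once
    the new secret is confirmed working (assumes the newest is the one in use)."""
    live = [r for r in report if r["status"] != "expired"]
    newest = max(live, key=lambda r: r["start"], default=None)
    return [r["keyId"] for r in live if r is not newest]

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for r in classify_secrets(SAMPLE, now):
        print(f'{r["status"]:9} {r["days_left"]:5}d  {r["name"]}  {r["keyId"]}')
```

Run it on a schedule against the real credential list and alert on any `expiring` or `expired` row; a non-empty leftover list means an old secret is still valid and should be deleted after Test Credentials succeeds with the new one.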
Troubleshooting
Credential Validation Fails
- Confirm the Client Secret has not expired in App registrations > Certificates & secrets.
- Verify the service principal has Contributor (or higher) on the target subscription.
- Check that the Subscription ID matches the subscription the service principal is authorised against.
Provisioning Fails
- Ensure your Azure subscription has sufficient vCPU quota for the chosen VM size in the target region.
- Check that the region is enabled for your subscription.
Disconnecting Azure
Open the Azure integration and select Remove. Stored credentials are deleted from Devpilot. Azure resources already provisioned through Devpilot remain in your subscription — manage or delete them from the Azure Portal if you no longer need them.