Nitro Azure Pipelines Tasks

Azure Pipelines tasks wrapping the Nitro CLI for the most common tasks.

The @16 suffix pins the task to Nitro CLI major version 16. Each task self-installs the matching CLI on first use; no separate installer task is required.

Authentication

Every task authenticates against the Nitro registry. Two options:

1. Nitro service connection (recommended) — store the API key once in project settings; tasks reference it by name. Rotation and access control happen in one place.
2. API key pipeline variable — pass a secret variable directly into each task.

Option 1: Nitro service connection (recommended)

Create the connection once per project:

1. Project Settings → Service connections → New service connection.
2. Pick Nitro from the list.
3. Paste the API key. Keep Cloud URL at its default; overriding this is only required when self-hosting or using a dedicated instance.
4. Name the connection (e.g. nitro-prod) and save.

Reference it from a task with authType: serviceConnection:

steps:
  - task: NitroFusionPublish@16
    inputs:
      authenticationType: serviceConnection
      nitroServiceConnection: nitro-prod
      apiId: $(NITRO_API_ID)
      tag: $(Build.BuildNumber)
      stage: production
      sourceSchemas: |
        accounts
        products

The API key and cloud URL are read from the connection; do not set apiKey or cloudUrl on the task.

Option 2: API key pipeline variable

steps:
  - task: NitroFusionPublish@16
    inputs:
      authenticationType: apiKey
      apiKey: $(NITRO_API_KEY) # secret pipeline variable
      apiId: $(NITRO_API_ID)
      tag: $(Build.BuildNumber)
      stage: production
      sourceSchemas: |
        accounts
        products

apiKey is sensitive. Always pass it through a secret pipeline variable or a linked variable group — never inline a literal key. Azure Pipelines only masks values that come from secret variables.

Tasks