Terraform init with Azure DevOps and https for module source

So, we are using Azure Devops to store our Terraform config and all the self created module code.
We also want to use a DevOps Pipeline to apply the configuration.

As we are not allowed to use ssh for accessing the repos (traffic has to go trough the https-proxy), so we have to use https for the repository integration so that our source for the module looks like

 source = "git::https://<<ADO_ORG>>@dev.azure.com/<ADO_ORG>>/<<ADO_PROJECT>>>/_git/<<ADO_REPO>>"

Locally running terraform init works completely fine. When running it in the pipeline we see following

│ Error: Failed to download module
│ Could not download module "xyz" (main.tf:3)
│ source code from
│ "git::https://<<ADO_ORG>>@dev.azure.com/<ADO_ORG>>/<<ADO_PROJECT>>>/_git/<<ADO_REPO>>":
│ error downloading
│ 'https://<<ADO_ORG>>@dev.azure.com/<ADO_ORG>>/<<ADO_PROJECT>>>/_git/<<ADO_REPO>>':
│ /usr/bin/git exited with 128: Cloning into
│ '.terraform/modules/xyz'...
│ fatal: could not read Password for 'https://<<ADO_ORG>>@dev.azure.com':
│ terminal prompts disabled

We have tested many things right now and only with changeing source to

source = "git::https://<<PAT>>@dev.azure.com/<ADO_ORG>>/<<ADO_PROJECT>>>/_git/<<ADO_REPO>>"

we were able to run terraform init but checking in PAT to git sounds not very right.

Anyone an idea on that?