Skip to main content

Microsoft Azure Storage Account Key

Description#

General#

  • Documentation: https://docs.microsoft.com/en-us/azure/storage/
  • Summary: Azure is a cloud computing platform created by Microsoft. Among other services, Azure offers storage services. The Microsoft Azure Storage Account Key gives a programmatic access to Azure Blob Storage. Leaking this key can thus compromise the concerned data.
  • IPs allowlist: Access can be granted to a restricted range of IP addresses. Here is a more detailed documentation.
  • Scopes: Azure handles authorization through Role Based Access Control. Roles can be assigned to users or groups, such as owner, contributor, reader. See this documentation for more details.

Revoke the secret#

A user key can be revoked using the API. See this page for more details.

Check for suspicious activity#

Logs can be audited to detect suspicious activity. The following documentation gives some more details.

Details for Microsoft azure storage account key#

  • Category: Cloud Provider

  • Company: Microsoft

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 72.15

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^(cs|x|p|s|r)?html5?~?$  - ^[aps]?cssc?~?$  - ^lock$  - ^mdx?~?$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - azure  - core\.windows\.net

Examples#

- text: >    (https://portal.azure.com/). +CREATE DATABASE SCOPED CREDENTIAL AzureStorageCredential +WITH IDENTITY = 'PankaTSP',    +SECRET = 'g8FQcc9GnHbpKivU4HeMpbDv5sP2ziFPhoSazfvrv6YF0ZJLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw=='; + + +-- STEP 3:    Create an external data source to specify location and credential for your Azure storage account.  apikey: g8FQcc9GnHbpKivU4HeMpbDv5sP2ziFPhoSazfvrv6YF0ZJLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==
- text: >    "StorageConnectionString": "DefaultEndpointsProtocol=https;AccountName=hello;AccountKey=g8FQcc9GnHbpKivU4HeMpbDv5sP2ziFPhoSazfvrv6YF0ZJLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==;EndpointSuffix=core.windows.net"  apikey: g8FQcc9GnHbpKivU4HeMpbDv5sP2ziFPhoSazfvrv6YF0ZJLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==