Microsoft Azure Storage Account Key

Description

General

  • Documentation: https://docs.microsoft.com/en-us/azure/storage/
  • Summary: Azure is a cloud computing platform created by Microsoft. Among other services, Azure offers storage services. The Microsoft Azure Storage Account Key gives programmatic access to Azure Blob Storage. Leaking this key can therefore compromise the data it protects.
  • IPs allowlist: Access can be restricted to a range of IP addresses. See the Azure documentation for more details.
  • Scopes: Azure handles authorization through role-based access control (RBAC). Roles such as owner, contributor, or reader can be assigned to users or groups. See this documentation for more details.

Revoke the secret

A user key can be revoked using the API. See this page for more details.

Check for suspicious activity

Logs can be audited to detect suspicious activity. The following documentation gives some more details.

Details for Microsoft Azure Storage Account Key

  • Family: Api

  • Category: Cloud Provider

  • Company: Microsoft

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 119.83

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
  - azure
  - core\.windows\.net

Examples

- text: |
    (https://portal.azure.com/). +CREATE DATABASE SCOPED CREDENTIAL AzureStorageCredential +WITH IDENTITY = 'PankaTSP',
    +SECRET = 'g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw=='; + + +-- STEP 3:
    Create an external data source to specify location and credential for your Azure storage account.
  apikey: g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==
- text: |
    "StorageConnectionString": "DefaultEndpointsProtocol=https;AccountName=hello;AccountKey=g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==;EndpointSuffix=core.windows.net"
  apikey: g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==
- text: |
    ENCRYPTED_TOKEN:
      secure: XN4jRtmGE5Bqg8pPZkqsdazdqkldqc0dqsdqsd5TNJZOPofDMc1QnUsf
    AZURE_STORAGE_CONNECTION_STRING: DefaultEndpointsProtocol=https;AccountName=hello;AccountKey=g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==;EndpointSuffix=core.windows.net
  apikey: g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==
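
The sketch below is an added example, not the detector's own code. It shows how the content pre-validator patterns listed above can gate a key-shaped match like the ones in the examples, so that an 88-character base64 string is reported only when the surrounding text mentions Azure. The key pattern, the entropy cut-off, the case-insensitive matching and all function names are assumptions made for illustration.

```python
import base64
import math
import re
from collections import Counter

# Patterns copied from the ContentWhitelistPreValidator listed on this page.
# Assumptions: matching is case-insensitive and one matching pattern is enough.
CONTENT_PATTERNS = [re.compile(p, re.I) for p in (r"azure", r"core\.windows\.net")]

# Assumption: a key is 64 bytes in base64, i.e. 86 characters followed by "==".
# Illustrative pattern only, not the detector's own regular expression.
KEY_RE = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{86}==(?![A-Za-z0-9+/=])")
MIN_ENTROPY = 4.0  # bits per character; hypothetical cut-off for placeholders


def shannon_entropy(s):
    """Empirical Shannon entropy of a string, in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())


def passes_content_prevalidator(text):
    """True when the text mentions Azure or an Azure storage endpoint."""
    return any(p.search(text) for p in CONTENT_PATTERNS)


def find_candidate_keys(text):
    """Return unique key-shaped, high-entropy strings from text with Azure context."""
    if not passes_content_prevalidator(text):
        return []
    found = []
    for match in KEY_RE.finditer(text):
        candidate = match.group(0)
        if shannon_entropy(candidate) >= MIN_ENTROPY and candidate not in found:
            found.append(candidate)
    return found


# Constructed inputs: the key encodes the bytes 0..63 and is not a real secret.
SAMPLE_KEY = base64.b64encode(bytes(range(64))).decode()
WITH_CONTEXT = ("DefaultEndpointsProtocol=https;AccountName=hello;"
                f"AccountKey={SAMPLE_KEY};EndpointSuffix=core.windows.net")
NO_CONTEXT = f"token = '{SAMPLE_KEY}'"
PLACEHOLDER = "AZURE_STORAGE_KEY=" + "A" * 86 + "=="

if __name__ == "__main__":
    for name in ("WITH_CONTEXT", "NO_CONTEXT", "PLACEHOLDER"):
        hits = find_candidate_keys(globals()[name])
        print(name, [k[:4] + "..." + k[-4:] for k in hits])
```

Findings are printed redacted so that scan output does not become a second copy of the secret.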