Microsoft Azure Storage Account Key
Description
General
- Documentation: https://docs.microsoft.com/en-us/azure/storage/
- Summary: Azure is a cloud computing platform created by Microsoft. Among other services, Azure offers storage services. The
Microsoft Azure Storage Account Keygives a programmatic access to Azure Blob Storage. Leaking this key can thus compromise the concerned data. - IPs allowlist: Access can be granted to a restricted range of IP addresses. Here is a more detailed documentation.
- Scopes: Azure handles authorization through Role Based Access Control. Roles can be assigned to users or groups, such as owner, contributor, reader. See this documentation for more details.
Revoke the secret
A user key can be revoked using the API. See this page for more details.
Check for suspicious activity
Logs can be audited to detect suspicious activity. The following documentation gives some more details.
Details for Microsoft Azure Storage Account Key
-
Family: token
-
Category: cloud_provider
-
Company: Microsoft
-
High recall: False
-
Validity check available: False
-
Analyzer available: False
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 2.16
-
Prefixed: False
-
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: true
- type: ContentWhitelistPreValidator
patterns:
- azure
- core\.windows\.net
Examples
- text: |
(https://portal.azure.com/). +CREATE DATABASE SCOPED CREDENTIAL AzureStorageCredential +WITH IDENTITY = 'PankaTSP',
+SECRET = 'g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw=='; + + +-- STEP 3:
Create an external data source to specify location and credential for your Azure storage account.
apikey: g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==
