Microsoft Azure Storage Account Key
Description
General
- Documentation: https://docs.microsoft.com/en-us/azure/storage/
- Summary: Azure is a cloud computing platform created by Microsoft. Among other services, Azure offers storage services. The
Microsoft Azure Storage Account Key
gives a programmatic access to Azure Blob Storage. Leaking this key can thus compromise the concerned data. - IPs allowlist: Access can be granted to a restricted range of IP addresses. Here is a more detailed documentation.
- Scopes: Azure handles authorization through Role Based Access Control. Roles can be assigned to users or groups, such as owner, contributor, reader. See this documentation for more details.
Revoke the secret
A user key can be revoked using the API. See this page for more details.
Check for suspicious activity
Logs can be audited to detect suspicious activity. The following documentation gives some more details.
Details for Microsoft azure storage account key
Family: Api
Category: Cloud Provider
Company: Microsoft
High recall: False
Validity check available: False
Minimum number of matches: 1
Occurrences found for one million commits: 119.83
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: true
- type: ContentWhitelistPreValidator
patterns:
- azure
- core\.windows\.net
Examples
- text: |
(https://portal.azure.com/). +CREATE DATABASE SCOPED CREDENTIAL AzureStorageCredential +WITH IDENTITY = 'PankaTSP',
+SECRET = 'g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw=='; + + +-- STEP 3:
Create an external data source to specify location and credential for your Azure storage account.
apikey: g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==
- text: |
"StorageConnectionString": "DefaultEndpointsProtocol=https;AccountName=hello;AccountKey=g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==;EndpointSuffix=core.windows.net"
apikey: g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==
- text: |
ENCRYPTED_TOKEN:
secure: XN4jRtmGE5Bqg8pPZkqsdazdqkldqc0dqsdqsd5TNJZOPofDMc1QnUsf
AZURE_STORAGE_CONNECTION_STRING: DefaultEndpointsProtocol=https;AccountName=hello;AccountKey=g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==;EndpointSuffix=core.windows.net
apikey: g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==