Skip to main content

Microsoft Azure Storage Account Key

Description

General

  • Documentation: https://docs.microsoft.com/en-us/azure/storage/
  • Summary: Azure is a cloud computing platform created by Microsoft. Among other services, Azure offers storage services. The Microsoft Azure Storage Account Key gives a programmatic access to Azure Blob Storage. Leaking this key can thus compromise the concerned data.
  • IPs allowlist: Access can be granted to a restricted range of IP addresses. Here is a more detailed documentation.
  • Scopes: Azure handles authorization through Role Based Access Control. Roles can be assigned to users or groups, such as owner, contributor, reader. See this documentation for more details.

Revoke the secret

A user key can be revoked using the API. See this page for more details.

Check for suspicious activity

Logs can be audited to detect suspicious activity. The following documentation gives some more details.

Details for Microsoft azure storage account key

  • Family: Api

  • Category: Cloud Provider

  • Company: Microsoft

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 119.83

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: true
- type: ContentWhitelistPreValidator
patterns:
- azure
- core\.windows\.net

Examples

- text: |
(https://portal.azure.com/). +CREATE DATABASE SCOPED CREDENTIAL AzureStorageCredential +WITH IDENTITY = 'PankaTSP',
+SECRET = 'g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw=='; + + +-- STEP 3:
Create an external data source to specify location and credential for your Azure storage account.
apikey: g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==

- text: |
"StorageConnectionString": "DefaultEndpointsProtocol=https;AccountName=hello;AccountKey=g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==;EndpointSuffix=core.windows.net"
apikey: g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==

- text: |
ENCRYPTED_TOKEN:
secure: XN4jRtmGE5Bqg8pPZkqsdazdqkldqc0dqsdqsd5TNJZOPofDMc1QnUsf
AZURE_STORAGE_CONNECTION_STRING: DefaultEndpointsProtocol=https;AccountName=hello;AccountKey=g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==;EndpointSuffix=core.windows.net
apikey: g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==

How can I help you ?