Microsoft Azure Storage Connection String
Description
General
- Documentation: https://learn.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string
- Summary: Azure Storage products offer cloud and hybrid data storage services to businesses. A valid connection string gives programmatic access to the service and compromises stored data.
- IPs allowlist: Access can be granted to a restricted range of IP addresses. Here is a more detailed documentation.
- Scopes: Azure handles authorization through Role Based Access Control. Roles can be assigned to users or groups, such as owner, contributor, reader. See this documentation for more details.
Revoke the secret
A user key can be revoked using the API. See this page for more details.
Check for suspicious activity
Logs can be audited to detect suspicious activity. The following documentation gives some more details.
Details for Microsoft azure storage connection string
-
Family: credentials
-
Category: cloud_provider
-
Company: Microsoft
-
High recall: False
-
Validity check available: True
-
Analyzer available: False
-
On-premise instances exist: False
-
Only valid secrets raise an alert: False
-
Minimum number of matches: 3
-
Occurrences found for one million commits: 30.15
-
Prefixed: False
-
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: true
- type: ContentWhitelistPreValidator
patterns:
- azure
- core\.windows\.net
- type: ContentWhitelistPreValidator
patterns:
- con(n)?(ect|ection)?[._-]?\s?str(ing)?
- type: ContentWhitelistPreValidator
patterns:
- accountname
- type: ContentWhitelistPreValidator
patterns:
- accountkey
Examples
- text: |
"StorageConnectionString": "DefaultEndpointsProtocol=https;AccountName=hello;AccountKey=g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==;EndpointSuffix=core.windows.net"
connection_string: DefaultEndpointsProtocol=https;AccountName=hello;AccountKey=g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==;EndpointSuffix=core.windows.net
accountkey: g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==
accountname: hello
- text: |
ENCRYPTED_TOKEN:
secure: XN4jRtmGE5Bqg8pPZkqsdazdqkldqc0dqsdqsd5TNJZOPofDMc1QnUsf
AZURE_STORAGE_CONNECTION_STRING: DefaultEndpointsProtocol=https;AccountName=hello;AccountKey=g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==;EndpointSuffix=core.windows.net
connection_string: ' DefaultEndpointsProtocol=https;AccountName=hello;AccountKey=g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==;EndpointSuffix=core.windows.net'
accountkey: g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==
accountname: hello
- text: |
-blob.connection-string=DefaultEndpointsProtocol=https;AccountName=recordplus;AccountKey=zw3ZC6EZc52FG5cEY/AU0ttvo203CjIqBelcGM/d6W+iTczJakM1ihAQ1mkPsL2de3/j4Trm+x00+AStDb6rdw==;EndpointSuffix=core.windows.net
connection_string: 'DefaultEndpointsProtocol=https;AccountName=recordplus;AccountKey=zw3ZC6EZc52FG5cEY/AU0ttvo203CjIqBelcGM/d6W+iTczJakM1ihAQ1mkPsL2de3/j4Trm+x00+AStDb6rdw==;EndpointSuffix=core.windows.net'
accountkey: zw3ZC6EZc52FG5cEY/AU0ttvo203CjIqBelcGM/d6W+iTczJakM1ihAQ1mkPsL2de3/j4Trm+x00+AStDb6rdw==
accountname: recordplus
# the extra "truc=machin"field shouldn't make the checker fail
- text: |
StorageConnectionString": "DefaultEndpointsProtocol=https;AccountName=hello;AccountKey=g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==;EndpointSuffix=core.windows.net;truc=machin"
connection_string: 'DefaultEndpointsProtocol=https;AccountName=hello;AccountKey=g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==;EndpointSuffix=core.windows.net;truc=machin'
accountkey: g8FQca0QnXcrHvjU5PeMpbEv5sN2uwCPhoHbzcvdv7EF6LHLq/D96Rm4S9XRuKRcvff1xdShvAYElNH3NDZhnw==
accountname: hello
