Azure Databricks Personal Access Token
Detects Azure Databricks personal access token patterns. This pattern is based on a Microsoft Purview built-in sensitive information type. Users already running Purview may prefer to enable the built-in SIT directly, or use this version as a starting point for customisation.
- Type
- regex
- Engine
- universal
- Confidence
- high
- Confidence justification
- High confidence: the dapi prefix is unique to Databricks PATs and the 32-character hex suffix provides strong structural constraint. Added context gating and exclusion rules improve precision and reduce incidental matches.
- Detection quality
- Verified
- Jurisdictions
- global
- Regulations
- Criminal Code Act 1995 (Cth)
- Frameworks
- CIS Controls, ISO 27001, NIST CSF, PCI-DSS, SOC 2
- Data categories
- credentials, security
- Scope
- specific
- Risk rating
- 10
- Platform compatibility
- Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Compatible, Netskope: Compatible
Pattern
\bdapi[0-9a-f]{32}\bCorroborative evidence keywords
Databricks, dapi, personal access token, PAT, workspace, databricks token, access token, bearer, api key, api_key, apikey, access key, auth token, authorization, conn str, connection string, connectionstring, cookie, credential, database (+43 more)
Proximity: 300 characters
Should match
dapi00000000000000000000000000000000— Databricks PAT with placeholder hex valuedapiaabbccdd11223344556677889900abcd— Databricks PAT with mixed hex charactersdapi0123456789abcdef0123456789abcdef— Databricks PAT with sequential hex
Should not match
dapi0000— Too short to be a valid Databricks PATdatabricks-token=some-other-format— Non-dapi format token stringtemplate example placeholder record identifier— Template/sample context should be excluded even when anchor words are present
Known false positives
- Databricks documentation and tutorials showing example PAT formats. Mitigation: Check for common placeholder hex values and documentation context.
- Expired or revoked Databricks PATs that no longer grant access. Mitigation: Token validation against the Databricks API would confirm active tokens, but detection should still flag for review.