Azure DevOps Personal Access Token
Detects Azure DevOps personal access token (PAT) patterns. This pattern is based on a Microsoft Purview built-in sensitive information type. Users already running Purview may prefer to enable the built-in SIT directly, or use this version as a starting point for customisation.
- Type
- regex
- Engine
- universal
- Confidence
- low
- Confidence justification
- Low confidence: generic Base32-like pattern that may match unrelated data. Corroborative evidence keywords are essential for reliable detection. Added context gating and exclusion rules improve precision and reduce incidental matches.
- Detection quality
- Mixed
- Jurisdictions
- global
- Regulations
- Criminal Code Act 1995 (Cth)
- Frameworks
- CIS Controls, ISO 27001, NIST CSF, PCI-DSS, SOC 2
- Data categories
- credentials, security
- Scope
- specific
- Risk rating
- 10
- Platform compatibility
- Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Compatible, Netskope: Compatible
Pattern
\b[a-z2-7\s]{52,56}\bCorroborative evidence keywords
Azure DevOps, DevOps, VSTS, personal access token, PAT, dev.azure.com, visualstudio.com, authorization, api key, api_key, apikey, access key, access token, auth token, bearer, conn str, connection string, connectionstring, cookie, credential (+44 more)
Proximity: 300 characters
Should match
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa— DevOps PAT with all lowercase a (52 chars)abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz— DevOps PAT with sequential lowercase letters2345672345672345672345672345672345672345672345672345— DevOps PAT with digits 2-7 (52 chars)
Should not match
aaaaaaaaaaaaa— Too short to be a DevOps PATAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA— Uppercase characters not valid for DevOps PAT encodingtemplate example placeholder record identifier— Template/sample context should be excluded even when anchor words are present
Known false positives
- Random 52-character lowercase strings in application data. Mitigation: Require proximity to Azure DevOps specific keywords to confirm context.
- Base32-encoded data that coincidentally matches the 52-character length. Mitigation: Combine with DevOps URL patterns (dev.azure.com, visualstudio.com) for validation.