Microsoft Entra Client Secret
Detects Microsoft Entra (formerly Azure AD) client secret patterns. This pattern is based on a Microsoft Purview built-in sensitive information type. Users already running Purview may prefer to enable the built-in SIT directly, or use this version as a starting point for customisation.
- Type: regex
- Engine: universal
- Confidence: high
- Confidence justification: High confidence: structurally constrained pattern with Microsoft Entra / Azure AD context keywords reduces false positive rates significantly. Added context gating and exclusion rules improve precision and reduce incidental matches.
- Detection quality: Partial
- Jurisdictions: global
- Regulations: Criminal Code Act 1995 (Cth)
- Frameworks: CIS Controls, ISO 27001, NIST CSF, PCI-DSS, SOC 2
- Data categories: credentials, security
- Scope: specific
- Risk rating: 10
- Platform compatibility: Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Degraded, Netskope: Unsupported
Pattern
(?i)(?:client[._-]?secret|AZURE[._-]?CLIENT[._-]?SECRET|aad[._-]?client[._-]?secret)\s*[:=]\s*"?[A-Za-z0-9~._-]{30,45}"?
Corroborative evidence keywords
Entra, Azure AD, client secret, app registration, tenant, AZURE_CLIENT_SECRET, client_id, application, api key, api_key, apikey, access key, access token, auth token, authorization, bearer, conn str, connection string, connectionstring, cookie (+45 more)
Proximity: 300 characters
Should match
- AZURE_CLIENT_SECRET=AAAA0000~BBBB.1111-CCCC_2222-DDDD3333 (Entra client secret in environment variable)
- client_secret: "ABCDEFghijklmnop0123456789~._-ABCD" (Client secret in config file)
- aad_client_secret="000000000000000000000000000000000000" (Azure AD client secret placeholder)
Should not match
- AZURE_CLIENT_SECRET="" (Empty secret value)
- AZURE_CLIENT_ID=00000000-0000-0000-0000-000000000000 (Client ID (GUID), not client secret)
- template example placeholder record identifier (Template/sample context should be excluded even when anchor words are present)
Known false positives
- Microsoft identity platform documentation with example client secrets. Mitigation: Check for common placeholder patterns and documentation context.
- Generic client secret parameters from non-Microsoft OAuth providers. Mitigation: Require proximity to Azure AD or Entra specific keywords for differentiation.
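The pattern and the 300-character proximity rule can be exercised locally before deployment. The following is an added example, not part of the original pattern definition: it uses Python's `re` as a stand-in for a DLP engine and runs the page's own samples through it. The Microsoft-specific keyword subset, the choice to let the proximity window include the match itself, and the final generic OAuth sample are assumptions made for illustration.

```python
import re

# Pattern copied verbatim from this page.
PATTERN = re.compile(
    r'(?i)(?:client[._-]?secret|AZURE[._-]?CLIENT[._-]?SECRET|aad[._-]?client[._-]?secret)'
    r'\s*[:=]\s*"?[A-Za-z0-9~._-]{30,45}"?'
)

# Assumption: only the Microsoft-specific entries of the page's keyword list,
# so that generic OAuth client secrets can be told apart.
KEYWORDS = ("entra", "azure ad", "app registration", "tenant", "azure_client_secret")
PROXIMITY = 300  # characters, as stated on the page


def find_secrets(text):
    """Return (matched_text, corroborated) for every pattern hit in text."""
    lowered = text.lower()
    hits = []
    for m in PATTERN.finditer(text):
        # Assumption: the window spans 300 characters on each side of the
        # match and includes the match itself.
        window = lowered[max(0, m.start() - PROXIMITY):m.end() + PROXIMITY]
        hits.append((m.group(0), any(k in window for k in KEYWORDS)))
    return hits


# "Should match" and "Should not match" samples taken from this page.
SHOULD_MATCH = [
    'AZURE_CLIENT_SECRET=AAAA0000~BBBB.1111-CCCC_2222-DDDD3333',
    'client_secret: "ABCDEFghijklmnop0123456789~._-ABCD"',
    'aad_client_secret="000000000000000000000000000000000000"',
]
SHOULD_NOT_MATCH = [
    'AZURE_CLIENT_SECRET=""',
    'AZURE_CLIENT_ID=00000000-0000-0000-0000-000000000000',
    'template example placeholder record identifier',
]
# Constructed sample: a generic OAuth client secret with no Entra context nearby.
GENERIC_OAUTH = 'oauth provider settings\nclient_secret="ZZZZ9999ZZZZ9999ZZZZ9999ZZZZ9999ZZZZ"'

if __name__ == "__main__":
    for sample in SHOULD_MATCH + SHOULD_NOT_MATCH + [GENERIC_OAUTH]:
        print(repr(sample), "->", find_secrets(sample))
```

The pattern has no trailing boundary, so a value longer than 45 characters still matches on its first 45 characters.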