Azure Function Master / API Key
Detects Azure Functions master key and API key patterns. This pattern is based on a Microsoft Purview built-in sensitive information type. Users already running Purview may prefer to enable the built-in SIT directly, or use this version as a starting point for customisation.
- Type
- regex
- Engine
- universal
- Confidence
- high
- Confidence justification
- High confidence: structurally constrained pattern with Azure Functions context keywords reduces false positive rates significantly. Added context gating and exclusion rules improve precision and reduce incidental matches.
- Detection quality
- Verified
- Jurisdictions
- global
- Regulations
- Criminal Code Act 1995 (Cth)
- Frameworks
- CIS Controls, ISO 27001, NIST CSF, PCI-DSS, SOC 2
- Data categories
- credentials, security
- Scope
- specific
- Risk rating
- 10
- Platform compatibility
- Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Degraded, Netskope: Unsupported
Pattern
(?i)(?:x-functions-key|master[._-]?key|function[._-]?key|host[._-]?key|default[._-]?key)\s*[:=]\s*"?[A-Za-z0-9_\-]{30,60}"?Corroborative evidence keywords
Azure Functions, function app, x-functions-key, master key, host key, function key, api key, azurewebsites.net, api_key, apikey, access key, access token, auth token, authorization, bearer, conn str, connection string, connectionstring, cookie, credential (+44 more)
Proximity: 300 characters
Should match
x-functions-key=AAAA0000BBBB1111CCCC2222DDDD3333EEEE4444FFFF— Azure Functions host keymaster_key="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnop"— Functions master keyfunction_key="000000000000000000000000000000000000000000"— Function key with placeholder value
Should not match
x-functions-key=""— Empty key valuefunctionAppName=my-function-app— Function app name, not a keytemplate example placeholder record identifier— Template/sample context should be excluded even when anchor words are present
Known false positives
- Azure Functions documentation and deployment templates with placeholder keys. Mitigation: Check for common placeholder patterns and documentation context.
- API keys from other services that use similar alphanumeric formats. Mitigation: Require proximity to Azure Functions specific keywords for differentiation.