Azure IoT Connection String

Detects Azure IoT Hub connection string patterns. This pattern is based on a Microsoft Purview built-in sensitive information type. Users already running Purview may prefer to enable the built-in SIT directly, or use this version as a starting point for customisation.

Type

regex

Engine

universal

Confidence

high

Confidence justification

High confidence: azure-devices.net hostname combined with SharedAccessKey structure provides strong structural constraint. Added context gating and exclusion rules improve precision and reduce incidental matches.

Detection quality

Verified

Jurisdictions

global

Regulations

Criminal Code Act 1995 (Cth)

Frameworks

CIS Controls, ISO 27001, NIST CSF, PCI-DSS, SOC 2

Data categories

credentials, security

Scope

specific

Risk rating

10

Platform compatibility

Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Degraded, Netskope: Unsupported

Pattern

(?i)HostName\s*=\s*[^;]+\.azure-devices\.net\s*;\s*(?:SharedAccessKeyName|DeviceId)\s*=\s*[^;]+\s*;\s*SharedAccessKey\s*=\s*[A-Za-z0-9+/]{20,50}={0,2}

Corroborative evidence keywords

IoT Hub, azure-devices.net, SharedAccessKey, HostName, DeviceId, IoT, connection string, device connection, api key, api_key, apikey, access key, access token, auth token, authorization, bearer, conn str, connectionstring, cookie, credential (+44 more)

Proximity: 300 characters

Should match

• HostName=myhub.azure-devices.net;SharedAccessKeyName=iothubowner;SharedAccessKey=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== — IoT Hub owner connection string
• HostName=testhub.azure-devices.net;DeviceId=device1;SharedAccessKey=00000000000000000000000000000000000000== — IoT device connection string
• HostName=prod-hub.azure-devices.net;SharedAccessKeyName=service;SharedAccessKey=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh== — IoT Hub service connection string

Should not match

• HostName=myhub.azure-devices.net;SharedAccessKeyName=iothubowner — Missing SharedAccessKey parameter
• HostName=myserver.database.windows.net;User=admin;Password=secret — SQL connection string, not IoT
• template example placeholder record identifier — Template/sample context should be excluded even when anchor words are present

Known false positives

• IoT Hub documentation and quickstart tutorials with placeholder connection strings. Mitigation: Check for common placeholder values and documentation file indicators.
• Test and development IoT Hub connection strings that do not provide production access. Mitigation: Flag for review regardless of environment since test credentials can still expose infrastructure.

References

• Azure IoT connection string entity definition - Microsoft Learn