Azure IoT Shared Access Key

Detects Azure IoT Hub shared access key patterns outside of connection strings. This pattern is based on a Microsoft Purview built-in sensitive information type. Users already running Purview may prefer to enable the built-in SIT directly, or use this version as a starting point for customisation.

Type

regex

Engine

universal

Confidence

high

Confidence justification

High confidence: structurally constrained Base64 pattern with IoT-specific context keywords reduces false positive rates significantly. Added context gating and exclusion rules improve precision and reduce incidental matches.

Detection quality

Mixed

Jurisdictions

global

Regulations

Criminal Code Act 1995 (Cth)

Frameworks

CIS Controls, ISO 27001, NIST CSF, PCI-DSS, SOC 2

Data categories

credentials, security

Scope

specific

Risk rating

10

Platform compatibility

Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Degraded, Netskope: Unsupported

Pattern

(?i)(?:SharedAccessKey|iot[._-]?key|device[._-]?key|iothub[._-]?key)\s*[:=]\s*"?[A-Za-z0-9+/\s]{40,54}={0,2}"?

Corroborative evidence keywords

IoT Hub, IoT, SharedAccessKey, device key, IoT Hub key, azure-devices, access key, shared access, api key, api_key, apikey, access token, auth token, authorization, bearer, conn str, connection string, connectionstring, cookie, credential (+44 more)

Proximity: 300 characters

Should match

• SharedAccessKey=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== — IoT Hub shared access key
• iot_key="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmn==" — IoT key with mixed characters
• device_key="000000000000000000000000000000000000000000==" — IoT device key with placeholder

Should not match

• SharedAccessKey=short — Too short to be a valid IoT key
• SharedAccessKeyName=iothubowner — Key name, not key value
• template example placeholder record identifier — Template/sample context should be excluded even when anchor words are present

Known false positives

• IoT Hub documentation with placeholder shared access keys. Mitigation: Check for common placeholder patterns and documentation context.
• Shared access keys from other Azure services (Service Bus, Event Hubs). Mitigation: Use IoT-specific corroborative keywords to differentiate.

References

• Azure IoT shared access key entity definition - Microsoft Learn