Azure Redis Cache Connection String Password

Detects Azure Cache for Redis connection string password patterns extracted from connection strings. This pattern is based on a Microsoft Purview built-in sensitive information type. Users already running Purview may prefer to enable the built-in SIT directly, or use this version as a starting point for customisation.

Type

regex

Engine

universal

Confidence

high

Confidence justification

High confidence: structurally constrained Base64 key pattern with Redis-specific context keywords reduces false positive rates significantly. Added context gating and exclusion rules improve precision and reduce incidental matches.

Detection quality

Verified

Jurisdictions

global

Regulations

Criminal Code Act 1995 (Cth)

Frameworks

CIS Controls, ISO 27001, NIST CSF, PCI-DSS, SOC 2

Data categories

credentials, security

Scope

specific

Risk rating

10

Platform compatibility

Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Degraded, Netskope: Unsupported

Pattern

(?i)(?:redis[._-]?password|cache[._-]?password)\s*[:=]\s*"?[A-Za-z0-9+/]{30,60}={0,2}"?

Corroborative evidence keywords

Redis, redis cache, cache password, access key, redis password, Azure Redis, StackExchange.Redis, ConnectionMultiplexer, api key, api_key, apikey, access token, auth token, authorization, bearer, conn str, connection string, connectionstring, cookie, credential (+44 more)

Proximity: 300 characters

Should match

• redis_password=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== — Redis cache password
• cache_password: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh==" — Cache password with mixed characters
• redis_password="000000000000000000000000000000000000000000" — Redis password with placeholder value

Should not match

• redis_password="" — Empty password value
• redis_password=short — Too short to be a valid Redis key
• template example placeholder record identifier — Template/sample context should be excluded even when anchor words are present

Known false positives

• Redis documentation with placeholder password values. Mitigation: Check for common placeholder patterns and documentation context.
• Non-Azure Redis passwords in similar format. Mitigation: Use Azure Redis specific keywords for differentiation.

References

• Azure Redis Cache connection string password entity definition - Microsoft Learn