Azure Storage Account Access Key

Detects Azure Storage account access key patterns in connection strings. This pattern is based on a Microsoft Purview built-in sensitive information type. Users already running Purview may prefer to enable the built-in SIT directly, or use this version as a starting point for customisation.

Type

regex

Engine

universal

Confidence

high

Confidence justification

High confidence: DefaultEndpointsProtocol prefix combined with AccountKey of exactly 88 Base64 characters is structurally unique to Azure Storage connection strings. Added context gating and exclusion rules improve precision and reduce incidental matches.

Detection quality

Partial

Jurisdictions

global

Regulations

Criminal Code Act 1995 (Cth)

Frameworks

CIS Controls, ISO 27001, NIST CSF, PCI-DSS, SOC 2

Data categories

credentials, security

Scope

specific

Risk rating

10

Platform compatibility

Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Compatible, Netskope: Compatible

Pattern

DefaultEndpointsProtocol=https?;AccountName=[^;]+;AccountKey=[A-Za-z0-9+/\s]{86,92}={0,2}

Corroborative evidence keywords

Azure Storage, storage account, AccountKey, AccountName, DefaultEndpointsProtocol, blob, container, connection string, api key, api_key, apikey, access key, access token, auth token, authorization, bearer, conn str, connectionstring, cookie, credential (+44 more)

Proximity: 300 characters

Should match

• DefaultEndpointsProtocol=https;AccountName=myaccount;AccountKey=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== — Azure Storage connection string with 88-char key
• DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=00000000000000000000000000000000000000000000000000000000000000000000000000000000000000== — Storage emulator connection string
• DefaultEndpointsProtocol=https;AccountName=prodstore;AccountKey=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/ABCDEFGHIJKLMNOPQRSTUV== — Storage connection with mixed case key

Should not match

• DefaultEndpointsProtocol=https;AccountName=myaccount — Storage connection without AccountKey
• AccountKey=shortkey — Account key too short to be valid
• template example placeholder record identifier — Template/sample context should be excluded even when anchor words are present

Known false positives

• Azure Storage documentation with placeholder connection strings and example keys. Mitigation: Check for the well-known development storage emulator key and documentation patterns.
• Azurite local storage emulator using the well-known development account key. Mitigation: Exclude the known Azurite/development storage emulator key value.

References

• Azure Storage account access key entity definition - Microsoft Learn