General Symmetric Key

Detects general symmetric encryption key patterns. This pattern is based on a Microsoft Purview built-in sensitive information type. In Purview, this is a broad, function-based detector. This keyword-based version flags documents that may contain symmetric keys for further review.

Type

regex

Engine

universal

Confidence

low

Confidence justification

Low confidence: broad keyword-based detection that will match key-related terminology in documentation, code comments, and non-sensitive contexts. Intended as a wide-net classifier. Added context gating and exclusion rules improve precision and reduce incidental matches.

Detection quality

Verified

Jurisdictions

global

Regulations

Criminal Code Act 1995 (Cth)

Frameworks

CIS Controls, ISO 27001, NIST CSF, PCI-DSS, SOC 2

Data categories

credentials, security

Scope

wide

Risk rating

10

Platform compatibility

Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Degraded, Netskope: Unsupported

Pattern

(?i)\b(?:symmetric[_-]?key|encryption[_-]?key|signing[_-]?key|secret[_-]?key|shared[_-]?key|master[_-]?key)\s*[:=]\s*"?[A-Za-z0-9+/=]{16,}"?

Corroborative evidence keywords

symmetric key, encryption key, signing key, secret key, shared key, master key, AES, HMAC, api key, api_key, apikey, access key, access token, auth token, authorization, bearer, conn str, connection string, connectionstring, cookie (+44 more)

Proximity: 300 characters

Should match

• encryption_key=AAAA0000BBBB1111CCCC2222DDDD3333 — Encryption key assignment
• signing_key: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdef" — Signing key in config
• secret_key="0000000000000000000000000000000000000000" — Secret key with placeholder value

Should not match

• The symmetric key must be rotated every 90 days — Key rotation policy documentation
• encryption_key="" — Empty key value
• template example placeholder record identifier — Template/sample context should be excluded even when anchor words are present

Known false positives

• Cryptography documentation and security architecture documents discussing key management. Mitigation: Check for assignment operators following the keyword to differentiate from descriptive text.
• Source code containing key variable declarations without actual key material. Mitigation: Verify that the value following the keyword appears to be actual key material (Base64, hex).

References

• General symmetric key entity definition - Microsoft Learn