This post provides a practical script designed to scan through your Azure web apps to find any access keys hidden in their settings. We’re going to list out each web app’s settings and then comb through them to spot any access keys. This is crucial for keeping your cloud environment secure by ensuring sensitive keys aren’t accidentally exposed.
aws_access_key_id="YOUR_AWS_ACCESS_KEY_ID_HERE" # Replace this with the actual AWS Access Key ID you are searching for
az webapp list --query "[].{name:name, resourceGroup:resourceGroup}" -o tsv | while read -r name rg; do
echo "Checking Web App: $name in Resource Group: $rg"
# List the app settings for the current web app
settings=$(az webapp config appsettings list --name "$name" --resource-group "$rg")
# Search for AWS Access Key in the app settings
if echo "$settings" | grep -q "$aws_access_key_id"; then
echo "Found AWS Access Key in Web App: $name, Resource Group: $rg"
else
echo "AWS Access Key not found in Web App: $name"
fi
done