Azure Storage Account Keys are similar to the root password, allowing full access to Azure Storage Accounts.
If the application interacts with Azure Cloud Storage services, access keys should be secured and not be disclosed.
Recommended Secure Coding Practices
Only administrators should have access to storage account keys. To authorize an application to access an Azure Storage, it’s recommended to createa service principal and assign it the required privileges only. AzureIdentity SDK provides several options such as DefaultAzureCredential that can be used to retrieve secrets from, for instance, environmentvariables.
Storage account keys should not be stored with the application code or saved anywhere in plain text accessible to others. Consider using an Azure Key Vault to store and manage keys.
When credentials are disclosed in the application code, consider them as compromised and rotate them immediately.