Fix guide · critical · azure_storage_key

Azure Storage connection string in client code

What this rule means

A string of the form DefaultEndpointsProtocol=https;AccountName=...;AccountKey=... was found in your client code.

Why it matters

The account key gives full read/write/delete access to every container in the storage account. Because the string ships in client code, anyone who can load your app can extract it. Attackers can pull all your blobs, modify them, or rack up egress charges.

How to fix it

  1. Rotate the storage account key in Azure Portal → Storage account → Access keys → "Rotate key".
  2. Switch to SAS (Shared Access Signature) tokens that are scoped to specific containers and time-limited.
  3. For client uploads, use a user-delegation SAS generated server-side per request.

Did vibecheck flag this on your app?

If you reached this page from a vibecheck inspection report, the redacted match in your scan output is the exact string we found in your bundle. After applying the fix above, run the inspection again — the finding should clear.
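
To confirm locally that the string is gone from your build before re-running the inspection, you can scan the bundle text yourself. The following is an added example, not vibecheck's own detection code. The regular expression, the 88-character key-shape check, the function names and the sample bundle are assumptions constructed for illustration.

```javascript
// Added example (not vibecheck's rule): find Azure Storage connection strings
// in built client code and report them with the AccountKey redacted.

// Assumed pattern: a run of Key=Value pairs joined by ';' that includes AccountKey.
const VALUE = "[^;\\s\"'`]+";
const CONN_RE = new RegExp(
  `(?:[A-Za-z]+=${VALUE};)*AccountKey=${VALUE}(?:;[A-Za-z]+=${VALUE})*`, 'g');

function parseConnectionString(raw) {
  const fields = {};
  for (const pair of raw.split(';')) {
    const eq = pair.indexOf('='); // split on the first '=' only: base64 values end in '='
    if (eq > 0) fields[pair.slice(0, eq)] = pair.slice(eq + 1);
  }
  return fields;
}

// Assumption: an account key is 64 bytes, which is 86 base64 characters plus "==".
// Placeholders such as <your-key> fail this check and can be triaged as lower risk.
function looksLikeAccountKey(value) {
  return /^[A-Za-z0-9+\/]{86}==$/.test(value);
}

function scanBundle(text, file = '<bundle>') {
  const findings = [];
  for (const m of text.matchAll(CONN_RE)) {
    const fields = parseConnectionString(m[0]);
    const key = fields.AccountKey;
    findings.push({
      file,
      line: text.slice(0, m.index).split('\n').length,
      account: fields.AccountName || null,
      realKeyShape: looksLikeAccountKey(key),
      // Never echo the secret into logs or CI output.
      redacted: m[0].replace(`AccountKey=${key}`, `AccountKey=[REDACTED ${key.length} chars]`),
    });
  }
  return findings;
}

// Constructed sample bundle. FAKE_KEY is base64 of 64 'A' bytes, not a real key.
const FAKE_KEY = 'QUFB'.repeat(21) + 'QQ==';
const SAMPLE = [
  'const api = "/v1/upload";',
  `const conn = "DefaultEndpointsProtocol=https;AccountName=demoacct;AccountKey=${FAKE_KEY};EndpointSuffix=core.windows.net";`,
  'const doc = "AccountName=<name>;AccountKey=<your-key>";',
].join('\n');

console.log(scanBundle(SAMPLE, 'app.js'));
```

An empty result from scanBundle on your real build output means no string of this shape remains; a finding with realKeyShape set to true means a key-shaped value is still in the bundle.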
