Trace where user secret has been used

Raymond Starkey 5 Reputation points
2025-02-22T17:18:36.85+00:00

My web app called RV2 has a client secret called RV2CientSecret. This expired a few days ago so I deleted it and regenerated it with the same name. Is there an easy way to trace where I have used RV2CientSecret?

Azure Static Web Apps

1 answer

  1. Siva Nair 410 Reputation points Microsoft Vendor
    2025-02-25T05:34:18.4333333+00:00

    Hi @Raymond Starkey,

    Let's follow the steps below to trace where you have used RV2CientSecret:

    1. Azure does not offer a direct way to see all references to a specific secret, but you can efficiently check the most common places where it might be used. Start by navigating to your App Services and looking under Configuration to see if RV2ClientSecret is set as an environment variable. Additionally, if you are using Azure Key Vault, check under the Secrets section to see if this secret is stored or accessed there. In Azure AD App Registration, verify that the secret is set up under Certificates & Secrets and also review the application manifest for any references.
    2. Azure Resource Graph Explorer is a powerful tool that allows you to search across all resources in your Azure environment. To do this, go to Azure Portal > Resource Graph Explorer and run a query to check all App Services for environment variable references to RV2ClientSecret. An example query is:

    KQL:

    resources
    | where type contains 'Microsoft.Web/sites'
    | where tostring(properties.siteConfig.appSettings) contains "RV2ClientSecret"
    | project name, resourceGroup, properties.siteConfig.appSettings
    

    This query searches across all App Services in your subscription and shows where the secret is configured. 

    3. If you are using a cloud-based version control system like GitHub or Azure Repos, you can easily search the entire codebase. In GitHub, simply type RV2ClientSecret in the code search bar within your repository, which searches across all branches, including pull requests. Similarly, in Azure Repos, use the search bar at the top, ensuring the "Code" option is selected. This allows you to find any hardcoded references or environment variable usages within the source code.
    4. Your CI/CD pipelines might also use this secret. In Azure DevOps, check under Pipelines > Library > Variable Groups or look directly in the pipeline YAML files. If you are using GitHub Actions, navigate to Settings > Secrets and variables > Actions to see if the secret is stored as an action secret. These are common places where secrets are stored and accessed during deployments.
    5. You can check Azure AD Audit Logs to see where it's being used. Go to Azure AD > Monitoring > Sign-ins, and filter the logs by the App Registration associated with RV2. This shows authentication attempts and usage patterns, helping you pinpoint which services or applications are utilizing the secret.
    6. To automate the search across all App Services and configurations in your Azure subscription, you can use a PowerShell script. This script connects to Azure and checks all App Services for references to RV2ClientSecret. Here is an example:
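
    Connect-AzAccount
    $apps = Get-AzWebApp
    foreach ($app in $apps) {
        # Fetch each app individually so that SiteConfig.AppSettings is populated
        $site = Get-AzWebApp -ResourceGroupName $app.ResourceGroup -Name $app.Name
        # Match on the setting name or on its value (for example, a Key Vault reference)
        $hits = $site.SiteConfig.AppSettings |
            Where-Object { $_.Name -match "RV2ClientSecret" -or $_.Value -match "RV2ClientSecret" }
        if ($hits) {
            Write-Host "Found in App Service: $($app.Name) in Resource Group: $($app.ResourceGroup)"
        }
    }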
    

    If you need any further assistance, do let me know.

    If the answer is helpful, please click Accept Answer and kindly upvote it so that other people who face similar issues may benefit from it.
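For the source-code and pipeline checks described in the answer, the following is an added example (not part of the answer and not Microsoft tooling) that scans a local checkout for either spelling of the secret name used in this thread and labels how each line uses it. The usage patterns, the skipped directory names and the sample files in `demo()` are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Both spellings appear in this thread, so match either one, ignoring case.
N = r"RV2Cl?ientSecret"
# How a line uses the name, checked in order (assumed conventions, not exhaustive).
KINDS = [
    ("keyvault-reference", r"@Microsoft\.KeyVault\("),
    ("pipeline-variable", r"\$\(\s*%s\s*\)|\$\{\{\s*secrets\.%s\s*\}\}" % (N, N)),
    ("literal-assignment", N + r"[\"']?\s*[:=]\s*[\"']?[^\s\"'$@{(]"),
]
SKIP_DIRS = {".git", "node_modules", "bin", "obj"}

def classify(line):
    for kind, pattern in KINDS:
        if re.search(pattern, line, re.I):
            return kind
    return "name-only"

def scan_tree(root):
    """Return sorted (relative path, line number, kind) for lines naming the secret."""
    root, hits = Path(root), []
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if not path.is_file() or SKIP_DIRS & set(rel.parts):
            continue
        try:
            text = path.read_text(encoding="utf-8")
        except (UnicodeDecodeError, OSError):
            continue  # binary or unreadable file
        for number, line in enumerate(text.splitlines(), start=1):
            if re.search(N, line, re.I):
                hits.append((rel.as_posix(), number, classify(line)))
    return sorted(hits)

def demo():
    """Scan a constructed sample tree; file names and values are made up."""
    samples = {
        "deploy.yml": "env:\n  SECRET: ${{ secrets.RV2ClientSecret }}\n",
        "appsettings.json": '{ "RV2CientSecret": "constructed-value" }\n',
        "azure-pipelines.yml": "- script: deploy --secret $(RV2ClientSecret)\n",
        "settings.env": "RV2ClientSecret=@Microsoft.KeyVault(VaultName=kv;SecretName=rv2)\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return scan_tree(tmp)
```

Lines reported as `literal-assignment` are the ones to review first, since they suggest the secret value itself may be stored in the file rather than referenced from a secret store.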

