Modify S6338: Improve samples (#3072)

## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the
guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)

rules/S6338/secrets/rule.adoc

@@ -32,11 +32,72 @@ include::../../../shared_content/secrets/fix/vault.adoc[]
 
 === Code examples
 
-:example_secret: 4dVw+l0W8My+FwuZ08dWXn+gHxcmBtS7esLAQSrm6/Om3jeyUKKGMkfAh38kWZlItThQYsg31v23A0w/uVP4pg==
-:example_name: storage_key
-:example_env: STORAGE_KEY
+==== Noncompliant code example
 
-include::../../../shared_content/secrets/examples.adoc[]
+[source,csharp,diff-id=1,diff-type=noncompliant]
+----
+using Azure.Storage.Blobs;
+using Azure.Storage;
+
+class Example
+{
+    static void Main(string[] args)
+    {
+        string account = "accountname";
+        string accountKey = "4dVw+l0W8My+FwuZ08dWXn+gHxcmBtS7esLAQSrm6/Om3jeyUKKGMkfAh38kWZlItThQYsg31v23A0w/uVP4pg=="; // Noncompliant
+        StorageSharedKeyCredential sharedKeyCredential = new StorageSharedKeyCredential(account, accountKey);
+
+        BlobServiceClient blobServiceClient = new BlobServiceClient(
+            new Uri($"https://{account}.blob.core.windows.net"),
+            sharedKeyCredential);
+    }
+}
+----
+
+==== Compliant solution
+
+Using environment variables:
+
+[source,csharp,diff-id=1,diff-type=compliant]
+----
+using System;
+using Azure.Storage.Blobs;
+using Azure.Storage;
+
+class Example
+{
+    static void Main(string[] args)
+    {
+        string account = Environment.GetEnvironmentVariable("ACCOUNT_NAME");
+        string accountKey = Environment.GetEnvironmentVariable("ACCOUNT_KEY");
+        StorageSharedKeyCredential sharedKeyCredential = new StorageSharedKeyCredential(account, accountKey);
+
+        BlobServiceClient blobServiceClient = new BlobServiceClient(
+            new Uri($"https://{account}.blob.core.windows.net"),
+            sharedKeyCredential);
+    }
+}
+----
+
+Using a passwordless approach, thanks to https://learn.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-dotnet?tabs=visual-studio%2Cmanaged-identity%2Croles-azure-portal%2Csign-in-azure-cli%2Cidentity-visual-studio#sign-in-and-connect-your-app-code-to-azure-using-defaultazurecredential[DefaultAzureCredential]:
+
+[source,csharp]
+----
+using System;
+using Azure.Storage.Blobs;
+using Azure.Identity;
+
+class Example
+{
+    static void Main(string[] args)
+    {
+        string account = Environment.GetEnvironmentVariable("ACCOUNT_NAME");
+        var blobServiceClient = new BlobServiceClient(
+                new Uri($"https://{account}.blob.core.windows.net"),
+                new DefaultAzureCredential());
+    }
+}
+----
 
 //=== How does this work?