lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Argo CD

Argo ProjectCI/CD3 credentials

Credentials3 documented
01

Local Admin/User Password

argo-cd / admin-password

Argo CD local users are defined in argocd-cm and password entries are stored in argocd-secret. Argo CD docs recommend disabling the admin user after additional users or SSO are configured.

generated on installuser definedsecretusername/password

Location

secret store
argocd-secret

Kubernetes Secret containing admin password and local account password hashes

config file
argocd-cm, argocd-rbac-cm

Argo CD local account and RBAC configuration

public interface
Argo CD UI, API server, CLI login
source code

GitOps manifests, Helm values, and committed bootstrap secrets

logs

install output, kubectl commands, and authentication traces

Notes

Initial admin password behavior varies by release/deployment; treat it as generated-on-install rather than static.

02

API Token

argo-cd / api-token

Argo CD local accounts can have apiKey capability and issue tokens for API and CLI automation. User-management docs show local account capabilities such as apiKey and login.

generated on installsecrettoken

Location

http header
Authorization

Bearer token used for Argo CD API requests

secret store

Kubernetes Secrets, CI/CD variables, GitHub Actions secrets, and cloud secret managers

config file

argocd CLI config, pipeline config, .env files, and deployment manifests

source code

deployment scripts, tests, and accidentally committed automation tokens

logs

CI logs, CLI traces, and API client debug output

Notes

Token privileges follow the Argo CD account and RBAC policy.

03

Repository / Cluster Credential

argo-cd / repository-cluster-credentials

Argo CD stores Git repository, Helm repository, cluster, and plugin credentials in Kubernetes Secrets. Secret-management docs cover handling sensitive data and GitOps workflows.

user definedsecretsecret value

Location

secret store

Kubernetes Secrets labeled for Argo CD repositories, clusters, repo-creds, Dex/OIDC client secrets, and plugins

config file

repository secret manifests, argocd-secret, argocd-cm, and Helm values

source code

GitOps repos containing encrypted or plaintext Secret manifests

logs

repo-server sync errors, plugin logs, and CI output

Notes

These secrets can grant Git, Helm registry, Kubernetes cluster, cloud, or SSO provider access depending on the secret type.

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.