lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Baidu Qianfan

Baidu AI CloudAI API1 credential

Credentials1 documented
01

API Key / Secret Key

baidu-qianfan / api-key-secret-key

Baidu Qianfan and Wenxin Workshop integrations use API Key and Secret Key material to obtain access tokens or authenticate model-service calls. The resulting access token is then used as bearer-style request credential material.

user definedsecretAPI key

Looks like

example
example

Qianfan / Wenxin access token carried in requests after key exchange

access_token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Location

environment
BAIDU_API_KEY, BAIDU_SECRET_KEY, QIANFAN_ACCESS_KEY, QIANFAN_SECRET_KEY
http header
Authorization

bearer-style request credential when integrations use an access token header

http response

token-exchange responses that return access_token values

source code

SDK examples, notebooks, server config, committed .env files

config file

.env, deployment manifests, local shell profiles, application config

secret store

CI/CD variables, Baidu Cloud secret stores, hosted app settings

logs

OAuth/token exchange logs and request URLs containing access_token

Notes

Baidu credentials often appear as a key pair plus a generated access token. Rotate the API Key / Secret Key pair if either half or any derived access token is exposed.

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.