CircleCI
CircleCICI/CD3 credentials
Personal API Token
circleci / personal-api-token
CircleCI users create personal API tokens for API and CLI access.
Location
Circle-TokenCircleCI API token header
AuthorizationBasic or token-based CircleCI API authentication
CircleCI CLI config, .env files, scripts, and Terraform provider config
CIRCLE_TOKEN, CIRCLECI_TOKENCI/CD variables, password managers, and cloud secret managers
automation scripts and accidentally committed configs
curl traces, CLI debug logs, and job output
Project / Context Environment Variable Secret
circleci / project-context-env-var
CircleCI projects and contexts store environment variables used by jobs, including deploy keys, cloud tokens, package credentials, and passwords.
Location
CircleCI project environment variables and organization contexts
runtime job environment variables injected by CircleCI
.circleci/config.yml references to secret variable names
job output if commands print secret values or xtrace is enabled
SSH Key / Deploy Key
circleci / ssh-key-and-deploy-key
CircleCI can store SSH keys for checking out private repositories or deploying from jobs.
Looks like
pattern-----BEGIN (RSA |OPENSSH |EC |)PRIVATE KEY-----Location
CircleCI project SSH keys and deploy key storage
job config referencing add_ssh_keys fingerprints
.circleci/config.yml and setup scripts
SSH debug output and accidental key prints
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.