lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Google Gemini API

GoogleAI API1 credential

Credentials1 documented
01

Gemini API Key

google-gemini / api-key

Gemini API keys authenticate requests to Google's Gemini API. Google documents standard and authorization API keys, the x-goog-api-key HTTP header, and the GEMINI_API_KEY / GOOGLE_API_KEY environment variables.

user definedsecretAPI key

Looks like

example
example

Google API key form used by Gemini API keys

AIzaSyXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Location

environment
GEMINI_API_KEY
environment
GOOGLE_API_KEY

Google docs state GOOGLE_API_KEY takes precedence if both variables are set

http header
x-goog-api-key

Gemini REST API key header

source code

notebooks, sample apps, client SDK configuration, committed .env files

config file

.env, shell profiles, deployment manifests, server config

secret store

CI/CD variables, Google Secret Manager, hosted app settings

logs

REST client logs and gateway logs containing x-goog-api-key headers

Notes

Google distinguishes standard Gemini API keys from authorization keys. Both are bearer-style secrets for Gemini requests; rotate any key found in source code, notebooks, logs, or shared deployment configuration.

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.