IBM Db2
IBMdatabase4 credentials
Database User Password
ibm-db2 / database-user-password
Db2 authenticates users through the operating system, LDAP, Kerberos, or external security plugins; database and instance administration uses OS or directory identities such as the instance owner and application users.
Location
Db2 CLP, JDBC/ODBC, DRDA, Data Server Manager, and administrative toolscatalog grants, roles, trusted contexts, and auth metadata tied to external user identities
db2dsdriver.cfg, JDBC properties, ODBC DSNs, app server data sources, and scripts
keystores, password vaults, Kubernetes Secrets, and OS credential stores
db2diag.log, audit logs, client traces, and application connection errors
Notes
Db2 normally delegates password verification to OS/LDAP/Kerberos rather than storing a universal database password.
Application Data Source Secret
ibm-db2 / application-datasource-secret
Applications and middleware store Db2 usernames/passwords or Kerberos keytab references for database access.
Location
application properties, WebSphere/JBoss data sources, db2cli.ini, db2dsdriver.cfg, and connection profiles
DB2_USER, DB2_PASSWORD, DATABASE_URLCI/CD variables, vaults, and cloud secret managers
application repositories, tests, and deployment manifests
JDBC/ODBC debug output and application error logs
SSL Keystore / Private Key
ibm-db2 / ssl-keystore-and-private-key
Db2 supports SSL/TLS and certificate-based authentication that rely on server/client keystores, private keys, and keystore passwords.
Looks like
pattern-----BEGIN (RSA |EC |ENCRYPTED |)PRIVATE KEY-----Location
Db2 SSL_SVR_KEYDB, SSL_SVR_STASH, client keystores, and TLS configuration
GSKit key databases, stash files, certificate vaults, and HSMs
database server backups and support bundles
Federation, HADR, and Backup Secrets
ibm-db2 / federation-and-backup-secrets
Db2 environments may store federation server credentials, HADR/replication secrets, backup encryption keys, and storage credentials.
Location
federated server/user mappings and catalog metadata
replication configs, backup scripts, encryption key manager config, and storage profiles
backup vaults, key managers, and cloud secret stores
replication, backup, and restore logs
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.