lolcreds

Public credential defaults and exposure patterns for authorized security testing.

ngrok

ngroknetwork2 credentials

Credentials2 documented
01

Agent Authtoken

ngrok / authtoken

The ngrok agent authenticates with an authtoken. The ngrok CLI can write the token to the agent configuration file with ngrok config add-authtoken, and the agent also accepts NGROK_AUTHTOKEN as the corresponding environment variable.

user definedsecrettoken

Looks like

example
example

ngrok agent authtoken supplied by environment variable

NGROK_AUTHTOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
example

ngrok agent authtoken in ngrok.yml

authtoken: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Location

environment
NGROK_AUTHTOKEN
config file
~/.config/ngrok/ngrok.yml, ~/Library/Application Support/ngrok/ngrok.yml

Official default ngrok agent configuration files on Linux and macOS

config file
%LOCALAPPDATA%\ngrok\ngrok.yml

Official default ngrok agent configuration file on Windows

config file
ngrok.yml, ngrok.yaml, docker-compose.yml, compose.yml, .env, .env.local, .env.production, deployment.yaml, values.yaml

Project, container, and Kubernetes files that commonly pass the ngrok authtoken to the agent

secret store

Docker secrets, Kubernetes Secrets, CI/CD variables, cloud secret managers, and password vaults

source code

Startup scripts, Dockerfiles, compose files, deployment manifests, examples, tests, and documentation snippets

logs

Shell history, container logs, CI traces, startup logs, and debug output that may print config or env vars

Notes

ngrok docs identify NGROK_AUTHTOKEN as the environment variable for the authtoken configuration property. No stable public authtoken prefix was confirmed, so patterns are contextual and include the ngrok-specific key name rather than matching arbitrary opaque strings.

02

API Key

ngrok / api-key

ngrok API keys authenticate requests to the ngrok API as bearer tokens. The agent configuration also supports the api_key property and NGROK_API_KEY environment variable.

user definedsecretAPI key

Looks like

example
example

ngrok API key supplied by environment variable

NGROK_API_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
example

ngrok API key in ngrok.yml or Terraform provider configuration context

api_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Location

environment
NGROK_API_KEY
http header
Authorization

ngrok API requests use bearer-token authentication

config file
~/.config/ngrok/ngrok.yml, ~/Library/Application Support/ngrok/ngrok.yml

Official default ngrok agent configuration files on Linux and macOS

config file
%LOCALAPPDATA%\ngrok\ngrok.yml

Official default ngrok agent configuration file on Windows

config file
ngrok.yml, ngrok.yaml, terraform.tfvars, main.tf, providers.tf, docker-compose.yml, compose.yml, .env, .env.local, .env.production, values.yaml

Project-local ngrok, Terraform, container, and deployment files that may contain api_key or NGROK_API_KEY

secret store

Terraform Cloud variables, CI/CD variables, Docker secrets, Kubernetes Secrets, cloud secret managers, and password vaults

source code

Terraform provider config, API clients, examples, scripts, tests, and deployment manifests

logs

Terraform logs, API debug logs, shell history, CI traces, and container startup output

Notes

ngrok API documentation shows API keys used as bearer tokens in the Authorization header. Patterns are contextual because no stable public value prefix was confirmed.

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.