lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Ollama

OllamaAI API5 credentials

Credentials5 documented
01

Unauthenticated Ollama API

ollama / unauthenticated-local-api

Ollama's documented local API listens on the configured OLLAMA_HOST and is commonly accessed on localhost port 11434 without an application password or API key. Binding the server to non-loopback interfaces can expose model generation, chat, embedding, model pull/push, and model-management endpoints unless protected by a reverse proxy, firewall, or Ollama authentication.

no authcontext dependentother

Unauthenticated access

open default
no authentication required
username
none
password
none

Location

public interface
http://127.0.0.1:11434, http://localhost:11434, /api/generate, /api/chat, /api/embed, /api/tags, /api/pull, /api/push, /api/create, /api/delete

Ollama API host and unauthenticated API endpoint contexts.

environment
OLLAMA_HOST, OLLAMA_ORIGINS, OLLAMA_AUTH
config file
/etc/systemd/system/ollama.service, /etc/default/ollama, /etc/sysconfig/ollama, /usr/lib/systemd/system/ollama.service, ~/.ollama/server.json, ~/.config/ollama/server.json

Linux service and user configuration that controls host binding, CORS origins, and auth-related settings.

config file
~/Library/Application Support/Ollama/server.json, ~/Library/LaunchAgents/com.ollama.ollama.plist

macOS user configuration and launch-agent contexts. CredsHound uses platform linux for Unix-like layouts.

config file
%APPDATA%\Ollama\server.json, %LOCALAPPDATA%\Ollama\server.json, %USERPROFILE%\.ollama\server.json

Windows user configuration contexts.

logs

Ollama server logs, systemd journal, container logs, API traces, and reverse-proxy access logs.

Notes

This represents absence of authentication, not a secret value. It is useful for scanners because exposed Ollama APIs can be security-sensitive even when no credential is present. OLLAMA_AUTH is a boolean auth toggle, not a token value; it is listed here because it changes the authentication surface.

02

Ollama API Key / Auth Token

ollama / ollama-api-key

Ollama cloud, hosted gateways, reverse proxies, or deployments with Ollama authentication enabled can use API keys or bearer tokens for client/server API access. Current Ollama docs and source use OLLAMA_API_KEY for cloud and hosted API key flows. Betterleaks models Ollama API keys as a 32-hex prefix followed by a dot and a 24-character URL-safe suffix in Ollama context.

generated on installuser definedsecretAPI key

Looks like

example
example

Betterleaks ollama-api-key value shape.

00000000000000000000000000000000.XXXXXXXXXXXXXXXXXXXXXXXX
pattern

Contextual Ollama assignment form based on the Betterleaks ollama-api-key detector.

(?i)ollama[ A-Za-z0-9_.-]{0,20}\s*[:=]\s*['"]?([a-f0-9]{32}\.[A-Za-z0-9_-]{24})['"]?

Location

http header
Authorization

Bearer/API-key authorization header used by hosted Ollama-compatible APIs, proxies, or auth-enabled deployments.

http response

Token creation, sign-in, or proxy credential responses that display the key value.

environment
OLLAMA_API_KEY
config file
.env, .env.local, docker-compose.yml, compose.yml, values.yaml, config.yaml, config.yml

Project-local and deployment configuration files used by Ollama clients, gateways, and containers.

config file
~/.ollama/config.json, ~/.ollama/config/config.json, ~/.ollama/server.json, ~/.config/ollama/config.json, ~/.config/ollama/server.json

Linux/macOS user-level Ollama configuration and auth/token cache contexts.

config file
~/Library/Application Support/Ollama/config.json, ~/Library/Application Support/Ollama/server.json

macOS user-level Ollama configuration and auth/token cache contexts. CredsHound uses platform linux for Unix-like layouts.

config file
%APPDATA%\Ollama\config.json, %APPDATA%\Ollama\server.json, %LOCALAPPDATA%\Ollama\config.json, %LOCALAPPDATA%\Ollama\server.json, %USERPROFILE%\.ollama\config.json, %USERPROFILE%\.ollama\server.json

Windows user-level Ollama configuration and auth/token cache contexts.

secret store

CI/CD variables, notebook secrets, cloud secret managers, Kubernetes Secrets, Docker secrets, and password vaults.

source code

SDK clients, notebooks, agent configs, MCP/tool configs, evaluation scripts, examples, and committed application code.

logs

API debug logs, gateway logs, reverse-proxy logs, notebook output, CI traces, and exception reports.

Notes

Local Ollama API deployments may not use this key at all. Use the key shape and surrounding Ollama context to distinguish real Ollama auth tokens from generic opaque secrets. OLLAMA_TOKEN and OLLAMA_AUTH_TOKEN were not added as exact environment locations because current official source/docs checked for this enrichment use OLLAMA_API_KEY for API-key material.

03

OpenAI-compatible Proxy Secret

ollama / openai-compatible-proxy-secret

Ollama can be used through OpenAI-compatible clients and gateways. Many deployments add a reverse proxy, API gateway, LiteLLM/OpenWebUI front-end, or service mesh that injects or validates bearer tokens before forwarding requests to Ollama.

user definedgenerated on installsecrettoken

Location

http header
Authorization, X-API-Key, Proxy-Authorization

Headers commonly used by OpenAI-compatible clients and reverse proxies protecting Ollama.

public interface
/v1/chat/completions, /v1/completions, /v1/embeddings, /api/chat, /api/generate

OpenAI-compatible and native Ollama endpoint contexts.

environment
OPENAI_API_KEY, OLLAMA_API_KEY, LITELLM_MASTER_KEY, WEBUI_SECRET_KEY, OPEN_WEBUI_SECRET_KEY
config file
.env, .env.local, docker-compose.yml, compose.yml, values.yaml, litellm.yaml, config.yaml, config.yml

Gateway, OpenAI-compatible client, and container deployment configuration files.

secret store

Kubernetes Secrets, Docker secrets, CI/CD variables, cloud secret managers, gateway secret stores, and password vaults.

source code

agent frameworks, notebooks, demos, tests, MCP servers, and committed SDK client code.

logs

proxy logs, gateway logs, API client traces, notebook output, and CI logs.

Notes

This is product-focused because Ollama deployments often rely on external proxy authentication rather than a native local-server password.

04

Model Registry / SSH Private Key

ollama / model-registry-or-ssh-private-key

Ollama model distribution and developer workflows use an Ollama-owned SSH key pair under the .ollama directory for cloud/model operations. Registry credentials or hosted-service tokens can also be used to push, pull, or manage private models and model artifacts.

generated on installuser definedsecretkey pair

Looks like

pattern
pattern

SSH or PEM private key used by Ollama model registry, developer, or deployment workflows.

-----BEGIN (?:OPENSSH |RSA |EC |)PRIVATE KEY-----

Location

config file
~/.ollama/id_ed25519, /usr/share/ollama/.ollama/id_ed25519

Linux/macOS Ollama-owned private-key locations. The matching public key is id_ed25519.pub and is not secret.

config file
%USERPROFILE%\.ollama\id_ed25519

Windows Ollama-owned private-key location. The matching public key is id_ed25519.pub and is not secret.

config file
.env, docker-compose.yml, compose.yml, values.yaml, config.yaml, config.yml

Deployment configuration that may mount model registry keys or tokens.

secret store

Kubernetes Secrets, Docker secrets, CI/CD variables, cloud secret managers, SSH agents, and password vaults.

source code

model publishing scripts, CI workflows, deployment automation, and committed examples.

logs

model push/pull logs, CI traces, SSH debug logs, and deployment output.

artifact

container images, VM images, model bundles, backups, and developer workstation archives.

Notes

Public model names, model manifests, and id_ed25519.pub public keys are not secrets. Generic ~/.ssh private-key files are intentionally not listed as scanner-facing Ollama config_file locations because generic SSH key detection belongs in CredsHound built-ins; this template keeps the product-owned ~/.ollama key paths.

05

Model Cache / Prompt and Request Leakage

ollama / model-cache-and-prompt-leakage

Ollama stores models and can log request bodies when debug request logging is enabled. Model blobs are usually not credentials, but local model caches, Modelfiles, request logs, and debug output can contain embedded prompts, system messages, adapter paths, copied secrets, or proprietary model artifacts.

user definedgenerated on installcontext dependentsecret value

Location

environment
OLLAMA_MODELS, OLLAMA_DEBUG_LOG_REQUESTS, OLLAMA_NOHISTORY, OLLAMA_REMOTES, OLLAMA_NO_CLOUD
artifact
~/.ollama/models, /usr/share/ollama/.ollama/models, /var/lib/ollama/.ollama/models, /var/lib/ollama/models, /opt/ollama/models

Linux model-cache and service-account model directories.

artifact
~/Library/Application Support/Ollama/models, ~/.ollama/models

macOS model-cache directories.

artifact
%USERPROFILE%\.ollama\models, %LOCALAPPDATA%\Ollama\models

Windows model-cache directories.

config file
Modelfile, .ollama_history

Project-local Modelfiles and CLI history files that may contain prompts, templates, or copied secrets. Additional project-specific Modelfile names are possible but omitted to avoid globs.

logs

OLLAMA_DEBUG_LOG_REQUESTS output, server logs, API traces, notebook output, reverse-proxy logs, and CI logs.

artifact

model cache archives, container images, notebook exports, support bundles, and workstation backups.

Notes

This block is context-dependent: model files are often legitimate artifacts, but scanner hits in request logs, Modelfiles, and model-cache bundles may reveal prompts, proprietary models, or copied secrets.

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.