Ollama
OllamaAI API5 credentials
Unauthenticated Ollama API
ollama / unauthenticated-local-api
Ollama's documented local API listens on the configured OLLAMA_HOST and is commonly accessed on localhost port 11434 without an application password or API key. Binding the server to non-loopback interfaces can expose model generation, chat, embedding, model pull/push, and model-management endpoints unless protected by a reverse proxy, firewall, or Ollama authentication.
Unauthenticated access
open defaultno authentication required- username
- none
- password
- none
Location
http://127.0.0.1:11434, http://localhost:11434, /api/generate, /api/chat, /api/embed, /api/tags, /api/pull, /api/push, /api/create, /api/deleteOllama API host and unauthenticated API endpoint contexts.
OLLAMA_HOST, OLLAMA_ORIGINS, OLLAMA_AUTH/etc/systemd/system/ollama.service, /etc/default/ollama, /etc/sysconfig/ollama, /usr/lib/systemd/system/ollama.service, ~/.ollama/server.json, ~/.config/ollama/server.jsonLinux service and user configuration that controls host binding, CORS origins, and auth-related settings.
~/Library/Application Support/Ollama/server.json, ~/Library/LaunchAgents/com.ollama.ollama.plistmacOS user configuration and launch-agent contexts. CredsHound uses platform linux for Unix-like layouts.
%APPDATA%\Ollama\server.json, %LOCALAPPDATA%\Ollama\server.json, %USERPROFILE%\.ollama\server.jsonWindows user configuration contexts.
Ollama server logs, systemd journal, container logs, API traces, and reverse-proxy access logs.
Notes
This represents absence of authentication, not a secret value. It is useful for scanners because exposed Ollama APIs can be security-sensitive even when no credential is present. OLLAMA_AUTH is a boolean auth toggle, not a token value; it is listed here because it changes the authentication surface.
Ollama API Key / Auth Token
ollama / ollama-api-key
Ollama cloud, hosted gateways, reverse proxies, or deployments with Ollama authentication enabled can use API keys or bearer tokens for client/server API access. Current Ollama docs and source use OLLAMA_API_KEY for cloud and hosted API key flows. Betterleaks models Ollama API keys as a 32-hex prefix followed by a dot and a 24-character URL-safe suffix in Ollama context.
Looks like
example00000000000000000000000000000000.XXXXXXXXXXXXXXXXXXXXXXXX(?i)ollama[ A-Za-z0-9_.-]{0,20}\s*[:=]\s*['"]?([a-f0-9]{32}\.[A-Za-z0-9_-]{24})['"]?Location
AuthorizationBearer/API-key authorization header used by hosted Ollama-compatible APIs, proxies, or auth-enabled deployments.
Token creation, sign-in, or proxy credential responses that display the key value.
OLLAMA_API_KEY.env, .env.local, docker-compose.yml, compose.yml, values.yaml, config.yaml, config.ymlProject-local and deployment configuration files used by Ollama clients, gateways, and containers.
~/.ollama/config.json, ~/.ollama/config/config.json, ~/.ollama/server.json, ~/.config/ollama/config.json, ~/.config/ollama/server.jsonLinux/macOS user-level Ollama configuration and auth/token cache contexts.
~/Library/Application Support/Ollama/config.json, ~/Library/Application Support/Ollama/server.jsonmacOS user-level Ollama configuration and auth/token cache contexts. CredsHound uses platform linux for Unix-like layouts.
%APPDATA%\Ollama\config.json, %APPDATA%\Ollama\server.json, %LOCALAPPDATA%\Ollama\config.json, %LOCALAPPDATA%\Ollama\server.json, %USERPROFILE%\.ollama\config.json, %USERPROFILE%\.ollama\server.jsonWindows user-level Ollama configuration and auth/token cache contexts.
CI/CD variables, notebook secrets, cloud secret managers, Kubernetes Secrets, Docker secrets, and password vaults.
SDK clients, notebooks, agent configs, MCP/tool configs, evaluation scripts, examples, and committed application code.
API debug logs, gateway logs, reverse-proxy logs, notebook output, CI traces, and exception reports.
Notes
Local Ollama API deployments may not use this key at all. Use the key shape and surrounding Ollama context to distinguish real Ollama auth tokens from generic opaque secrets. OLLAMA_TOKEN and OLLAMA_AUTH_TOKEN were not added as exact environment locations because current official source/docs checked for this enrichment use OLLAMA_API_KEY for API-key material.
OpenAI-compatible Proxy Secret
ollama / openai-compatible-proxy-secret
Ollama can be used through OpenAI-compatible clients and gateways. Many deployments add a reverse proxy, API gateway, LiteLLM/OpenWebUI front-end, or service mesh that injects or validates bearer tokens before forwarding requests to Ollama.
Location
Authorization, X-API-Key, Proxy-AuthorizationHeaders commonly used by OpenAI-compatible clients and reverse proxies protecting Ollama.
/v1/chat/completions, /v1/completions, /v1/embeddings, /api/chat, /api/generateOpenAI-compatible and native Ollama endpoint contexts.
OPENAI_API_KEY, OLLAMA_API_KEY, LITELLM_MASTER_KEY, WEBUI_SECRET_KEY, OPEN_WEBUI_SECRET_KEY.env, .env.local, docker-compose.yml, compose.yml, values.yaml, litellm.yaml, config.yaml, config.ymlGateway, OpenAI-compatible client, and container deployment configuration files.
Kubernetes Secrets, Docker secrets, CI/CD variables, cloud secret managers, gateway secret stores, and password vaults.
agent frameworks, notebooks, demos, tests, MCP servers, and committed SDK client code.
proxy logs, gateway logs, API client traces, notebook output, and CI logs.
Notes
This is product-focused because Ollama deployments often rely on external proxy authentication rather than a native local-server password.
Model Registry / SSH Private Key
ollama / model-registry-or-ssh-private-key
Ollama model distribution and developer workflows use an Ollama-owned SSH key pair under the .ollama directory for cloud/model operations. Registry credentials or hosted-service tokens can also be used to push, pull, or manage private models and model artifacts.
Looks like
pattern-----BEGIN (?:OPENSSH |RSA |EC |)PRIVATE KEY-----Location
~/.ollama/id_ed25519, /usr/share/ollama/.ollama/id_ed25519Linux/macOS Ollama-owned private-key locations. The matching public key is id_ed25519.pub and is not secret.
%USERPROFILE%\.ollama\id_ed25519Windows Ollama-owned private-key location. The matching public key is id_ed25519.pub and is not secret.
.env, docker-compose.yml, compose.yml, values.yaml, config.yaml, config.ymlDeployment configuration that may mount model registry keys or tokens.
Kubernetes Secrets, Docker secrets, CI/CD variables, cloud secret managers, SSH agents, and password vaults.
model publishing scripts, CI workflows, deployment automation, and committed examples.
model push/pull logs, CI traces, SSH debug logs, and deployment output.
container images, VM images, model bundles, backups, and developer workstation archives.
Notes
Public model names, model manifests, and id_ed25519.pub public keys are not secrets. Generic ~/.ssh private-key files are intentionally not listed as scanner-facing Ollama config_file locations because generic SSH key detection belongs in CredsHound built-ins; this template keeps the product-owned ~/.ollama key paths.
Model Cache / Prompt and Request Leakage
ollama / model-cache-and-prompt-leakage
Ollama stores models and can log request bodies when debug request logging is enabled. Model blobs are usually not credentials, but local model caches, Modelfiles, request logs, and debug output can contain embedded prompts, system messages, adapter paths, copied secrets, or proprietary model artifacts.
Location
OLLAMA_MODELS, OLLAMA_DEBUG_LOG_REQUESTS, OLLAMA_NOHISTORY, OLLAMA_REMOTES, OLLAMA_NO_CLOUD~/.ollama/models, /usr/share/ollama/.ollama/models, /var/lib/ollama/.ollama/models, /var/lib/ollama/models, /opt/ollama/modelsLinux model-cache and service-account model directories.
~/Library/Application Support/Ollama/models, ~/.ollama/modelsmacOS model-cache directories.
%USERPROFILE%\.ollama\models, %LOCALAPPDATA%\Ollama\modelsWindows model-cache directories.
Modelfile, .ollama_historyProject-local Modelfiles and CLI history files that may contain prompts, templates, or copied secrets. Additional project-specific Modelfile names are possible but omitted to avoid globs.
OLLAMA_DEBUG_LOG_REQUESTS output, server logs, API traces, notebook output, reverse-proxy logs, and CI logs.
model cache archives, container images, notebook exports, support bundles, and workstation backups.
Notes
This block is context-dependent: model files are often legitimate artifacts, but scanner hits in request logs, Modelfiles, and model-cache bundles may reveal prompts, proprietary models, or copied secrets.
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.