OpenCode
SSTAI API3 credentials
Provider API Key
opencode / provider-api-key
OpenCode can authenticate to model providers through provider environment variables, explicit provider config, or auth login storage.
Looks like
examplesk-proj-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXsk-ant-api03-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXghp_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXLocation
OPENAI_API_KEY, ANTHROPIC_API_KEY, AZURE_OPENAI_API_KEY, GOOGLE_GENERATIVE_AI_API_KEY, GROQ_API_KEY, XAI_API_KEY, OPENROUTER_API_KEY, GITHUB_TOKEN, GH_TOKEN~/.local/share/opencode/auth.json, ~/.config/opencode/opencode.json, ~/.config/opencode/opencode.jsonc, ~/.config/opencode/tui.jsonOfficial OpenCode auth and global config files on Unix-like systems
opencode.json, opencode.jsonc, .opencode/opencode.json, .opencode/opencode.jsonc, .env, .env.local, .env.productionProject-local OpenCode config and environment files
GitHub Actions secrets, GitLab CI variables, cloud secret managers, Docker secrets, Kubernetes Secrets, and password vaults
OpenCode tool/plugin files, custom agents, workflow examples, tests, scripts, and committed provider config
OpenCode logs, CI traces, shell history, debug output, provider request traces, and terminal transcripts
Notes
Provider key names are provider-owned and are included because official OpenCode docs/source show OpenCode consuming them directly or through provider config.
OpenCode Auth JSON
opencode / auth-json
OpenCode stores API keys and OAuth tokens configured by opencode auth login or /connect in auth.json.
Location
~/.local/share/opencode/auth.jsonOfficial OpenCode auth storage path documented for macOS/Linux and WSL
OPENCODE_AUTH_JSONOpenCode GitLab integration variable carrying the auth JSON content
CI/CD variables and deployment secrets containing OPENCODE_AUTH_JSON or provider keys
Workflow snippets that materialize auth.json for OpenCode automation
CI traces and setup logs that print auth JSON or provider keys
Notes
OPENCODE_AUTH_JSON is documented for GitLab integration as serialized OpenCode authentication JSON, not a conventional provider token.
MCP OAuth Token
opencode / mcp-oauth-token
OpenCode MCP authorization stores OAuth tokens for remote MCP servers.
Location
~/.local/share/opencode/mcp-auth.jsonOfficial OpenCode MCP auth token storage path on Unix-like systems
Password vaults, CI variables, and secret managers used to move MCP authorization state between environments
MCP server configuration examples and setup scripts
MCP auth debug logs and OAuth callback traces
Notes
No stable OpenCode-specific token prefix was found; detect this surface by exact file path and OAuth field context.
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.