SAP HANA
SAPdatabase5 credentials
SYSTEM / Database User Password
sap-hana / system-user-password
SAP HANA databases use database users such as SYSTEM and application/technical users for SQL, administration, and service access. Initial passwords are set during installation or provisioning.
Location
SQL clients, HANA Cockpit, Database Explorer, JDBC/ODBC, and hdbsqlHANA user catalog and password verifier state
hdbuserstore references, deployment descriptors, xs/app configs, and backup scripts
hdbuserstore, OS credential stores, Kubernetes Secrets, and password vaults
indexserver traces, audit logs, installer logs, and client debug logs
Notes
SAP HANA requires the SYSTEM password to be set during installation; no universal SYSTEM password is modeled.
hdbuserstore Secure User Store Key
sap-hana / hdbuserstore-key
HANA client tools can store connection credentials in hdbuserstore secure user store keys, allowing scripts to connect without plaintext command-line passwords.
Location
hdbuserstoreSAP HANA secure user store entries on client or server hosts
scripts and service files referencing hdbuserstore key names
backup, monitoring, and deployment automation
hdbsql command traces and failed connection output
XS Advanced / UAA OAuth Client Secret
sap-hana / xs-uaa-oauth-secret
SAP HANA XS Advanced and related services use UAA/OAuth clients, service keys, and JWT signing configuration for application and service authentication.
Location
AuthorizationBearer tokens used by XS Advanced and service APIs
XSA/UAA service and client credential stores
mta.yaml, xs-security.json, service keys, and app environment files
VCAP_SERVICES, HANA_CLIENT_SECRET, XSUAA_CLIENT_SECRETservice keys, Kubernetes Secrets, and external vaults
application repositories and deployment descriptors
application startup logs and OAuth debug traces
SSL / PSE Private Key
sap-hana / ssl-pse-private-key
SAP HANA uses certificates and private keys for TLS, internal communication, and client authentication.
Looks like
pattern-----BEGIN (RSA |EC |ENCRYPTED |)PRIVATE KEY-----Location
HANA certificate stores, PSE/PKCS#12 files, global.ini SSL settings, and client key files
certificate vaults, OS key stores, and backup vaults
system copies, backups, and support archives
Backup Encryption Key / Root Key Material
sap-hana / backup-encryption-key
HANA deployments can use encryption keys for data volume, redo log, and backup encryption. Key backups and root keys are sensitive recovery credentials.
Location
HANA secure store, external key managers, and backup key vaults
encrypted backup sets, key backups, and recovery bundles
encryption and key management configuration
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.