Sonatype Nexus Repository
SonatypeCI/CD3 credentials
Administrator Password
sonatype-nexus / admin-password
Nexus Repository uses administrator and user accounts for UI and API access. Sonatype documentation covers resetting the admin password and local/remote authentication integrations.
Location
Nexus security database storing users, roles, and password verifier data
nexus.properties, runtime environment configuration, and deployment manifests
Nexus Repository UI and REST APIsKubernetes Secrets, cloud secret managers, and deployment vaults
Docker Compose files, Helm values, tests, and committed configuration
startup logs, admin password reset output, and authentication traces
Notes
Initial administrator passwords are deployment-generated or operator-set; do not treat examples as universal defaults.
User Token
sonatype-nexus / user-token
Nexus Repository supports user tokens as an alternative to using a user's real password with package managers and repository clients. Sonatype docs cover user tokens and migrations between authentication backends.
Location
AuthorizationBasic authentication using Nexus user-token name/code or token-derived credentials
Nexus token and user security stores
Maven settings.xml, npmrc, pip.conf, NuGet config, Docker config, and CI manifests
NEXUS_USERNAME, NEXUS_PASSWORD, NEXUS_TOKENCI/CD variables, build platform secrets, and cloud secret managers
build scripts, dependency manager config, tests, and committed examples
package manager debug logs and CI output
Notes
User tokens inherit the repository privileges of the owning Nexus user.
Database / Blob Store Secret
sonatype-nexus / database-blobstore-secret
Nexus Repository deployments can use external databases and blob stores. Runtime environment and storage documentation include database and cloud storage credentials used by the repository manager.
Location
nexus.properties, database config, blob store config, and deployment manifests
NEXUS_DATASTORE_USERNAME, NEXUS_DATASTORE_PASSWORD, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEYExternal Secrets Operator, Kubernetes Secrets, cloud secret managers, and database vault entries
Helm values, Docker Compose files, and committed deployment config
runtime connection errors and support bundles
Notes
These secrets can expose repository metadata, artifacts, blob stores, and credentials stored by integrations.
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.