TeamCity
JetBrainsCI/CD4 credentials
TeamCity User Password
teamcity / user-password
TeamCity users authenticate to the web UI, REST API, and build tools through local or external authentication backends.
Location
TeamCity web UI, REST API, and agent/server endpointsTeamCity user records and password verifier state for local authentication
server configuration, auth modules, and deployment manifests
password managers and deployment vaults
server auth logs and REST client traces
Personal Access Token
teamcity / access-token
TeamCity supports user access tokens for REST API access and integrations.
Location
AuthorizationBearer token or basic auth token for TeamCity REST API
TeamCity token storage associated with users
build scripts, service connection config, IDE/CLI caches, and .env files
TEAMCITY_TOKEN, TEAMCITY_ACCESS_TOKENCI/CD variables and vaults
automation scripts and integration tests
REST debug logs and build output
Super User Authentication Token
teamcity / super-user-token
TeamCity can provide a super user authentication token for emergency administration when normal authentication is unavailable.
Location
TeamCity server startup logs can display the super user token
TeamCity login page super user token flowsupport bundles and collected server logs
Notes
Treat this as highly privileged emergency access; rotate/restart according to TeamCity guidance if exposed.
Secure Project Parameter / VCS Settings Token
teamcity / secure-project-parameter
TeamCity stores secure parameters, VCS root passwords/tokens, SSH keys, cloud profiles, and deployment credentials for build configurations.
Location
TeamCity configuration database and secure value storage
project settings, Kotlin DSL, VCS root config, and data directory XML
TeamCity credentials storage and external secret integrations
Kotlin DSL repositories and build scripts referencing secret parameters
build logs if parameters are printed or masking fails
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.