lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Tencent Cloud

Tencent Cloudcloud5 credentials

Credentials5 documented
01

Tencent Cloud API Key / Access Key

tencent-cloud / api-key

Tencent Cloud API keys, access keys, or tokens authorize API, CLI, SDK, Terraform, and automation access to cloud resources according to the principal, account, project, or policy scope.

generated on installuser definedsecretAPI key

Looks like

example
example

Tencent Cloud API/access key identifier or token format; paired secret or context may be required

AKIDXXXXXXXXXXXXX

Location

http header
Authorization

Tencent Cloud API authorization header or signed request context

config file
~/.tccli/default.credential, ~/.tccli/default.configure, credentials.json, tencentcloud.json, terraform.tfvars, provider.tf

Tencent Cloud CLI/SDK/Terraform/provider credentials and profiles. Additional non-path context from previous path: Terraform/provider configs.

environment
TENCENTCLOUD_SECRET_ID, TENCENTCLOUD_SECRET_KEY
secret store

Tencent Cloud secret managers, CI/CD variables, Kubernetes Secrets, Terraform variables, and vaults

source code

IaC repositories, deployment scripts, application configs, notebooks, and tests

logs

CLI/API debug output, SDK traces, failed request logs, and CI output

02

Tencent Cloud COS S3-Compatible Object Storage Key

tencent-cloud / object-storage-key

Tencent Cloud COS object storage credentials use access key IDs and secret keys for S3-compatible or provider-specific bucket/object access.

generated on installuser definedsecretAPI key

Location

config file
coscli.yaml, ~/.cos.yaml, coscmd_config, rclone.conf, s3cfg

object storage client configs, backup tools, rclone, s3cmd, and .aws/credentials-style profiles. Previous non-machine-readable path context: COS SDK/coscli/S3-compatible configs.

environment
COS_SECRETID, COS_SECRETKEY, TENCENTCLOUD_SECRET_ID, TENCENTCLOUD_SECRET_KEY
secret store

cloud secret stores, CI/CD variables, Kubernetes Secrets, and backup vaults

source code

backup scripts, data pipeline configs, and tests

logs

S3/client debug output and signed request traces

03

Tencent Cloud Console User Password

tencent-cloud / console-user-password

Tencent Cloud console users authenticate through local account, IAM, enterprise identity, or SSO login flows. Passwords are user-defined and typically protected with MFA/2FA.

user definedsecretusername/password

Location

public interface
Tencent Cloud console, CAM user, and SSO login
secret store

password managers, break-glass vaults, and enterprise IdP credential stores

logs

account audit logs, sign-in logs, and IdP authentication logs

04

Tencent Cloud Instance SSH Private Key

tencent-cloud / ssh-private-key

Tencent Cloud compute instances/bare-metal servers are commonly accessed with SSH key pairs. The private key grants OS-level access where the public key is installed.

user definedgenerated on installsecretkey pair

Looks like

pattern
pattern

private SSH key used for Tencent Cloud compute or bare-metal access

-----BEGIN (RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----

Location

config file
tencent-key.pem, cvm-key.pem, server.key

SSH private keys and cloud-init/provisioning material. Additional non-path context from previous path: cloud-init, Terraform variables.

secret store

CI/CD deploy keys, password managers, and automation vaults

source code

provisioning repos, Packer/image builds, and tests

artifact

machine images, server backups, and support bundles

05

Tencent Cloud Managed Kubernetes / Workload Secret

tencent-cloud / kubeconfig-and-workload-secret

Tencent Cloud managed Kubernetes and container services use kubeconfigs, service account tokens, registry passwords, pull secrets, and workload identity credentials.

generated on installuser definedsecretsecret value

Looks like

pattern
pattern

JWT-style Kubernetes service account, OIDC, or workload token

eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+

Location

config file
kubeconfig, tke-kubeconfig.yaml, cluster.kubeconfig, service-account-token

cluster credentials, pull secrets, registry credentials, and workload auth config. Additional non-path context from previous path: Helm values, Terraform variables, manifests.

secret store

Kubernetes Secrets, cloud secret stores, CI/CD variables, and vaults

source code

GitOps repos, deployment manifests, and tests

logs

cluster bootstrap, registry, and deployment logs

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.