lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Tencent Cloud Hunyuan

Tencent CloudAI API1 credential

Credentials1 documented
01

SecretId / SecretKey

tencent-hunyuan / secret-id-secret-key

Tencent Cloud Hunyuan API access uses Tencent Cloud CAM SecretId and SecretKey credentials for signed API requests. These credentials are account or sub-account API keys, not model-specific bearer tokens.

user definedsecretAPI key

Looks like

example
example

Tencent Cloud SecretId value; the paired SecretKey is the signing secret

AKIDXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Location

environment
TENCENTCLOUD_SECRET_ID
environment
TENCENTCLOUD_SECRET_KEY
http header
Authorization

TC3-HMAC-SHA256 signed request header contains the SecretId in Credential scope

source code

SDK examples, backend services, notebooks, committed .env files

config file

.env, cloud function config, deployment manifests, local credentials files

secret store

CI/CD variables, Tencent Cloud secrets, hosted app settings

logs

request signing debug logs and Authorization headers exposing SecretId

Notes

A leaked SecretKey is the credential that enables request signing; the SecretId alone is usually not sufficient, but both values commonly leak together in environment files and deployment configuration.

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.