lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Travis CI

Travis CICI/CD3 credentials

Credentials3 documented
01

API Token

travis-ci / api-token

Travis CI API tokens authenticate CLI and API clients for repository, build, and environment-variable management.

generated on installuser definedsecretAPI key

Location

http header
Travis-API-Version

Used alongside Authorization in Travis API requests

http header
Authorization

token used by Travis CI API clients

config file

Travis CLI config, .travis.yml encrypted variables workflow, scripts, and .env files

environment
TRAVIS_TOKEN, TRAVIS_API_TOKEN
secret store

password managers, CI variables, and deployment vaults

source code

automation repos and accidentally committed configs

logs

CLI debug output and curl traces

02

Repository Environment Variable / Encrypted Variable

travis-ci / env-var-secret

Travis CI repository settings and .travis.yml encrypted variables hold deployment credentials, cloud keys, package tokens, and passwords injected into builds.

user definedsecretsecret value

Location

secret store

Travis repository environment variables and encrypted variables

config file
.travis.yml

encrypted env/global values and deploy provider settings

environment

runtime build environment variables injected by Travis CI

source code

repository CI configuration and deployment scripts

logs

build logs if secrets are printed or masking fails

03

Deploy Key / Provider Token

travis-ci / deploy-key-and-provider-secret

Travis deployment providers and repository access features use SSH keys, GitHub tokens, package tokens, and cloud credentials to publish artifacts.

user definedsecretsecret value

Looks like

pattern
pattern

private SSH deploy key used by Travis jobs

-----BEGIN (RSA |OPENSSH |EC |)PRIVATE KEY-----

Location

config file
.travis.yml

deploy provider token fields and encrypted credentials

secret store

Travis secure env vars and deployment provider secrets

source code

deployment scripts and release tooling

logs

deployment logs and provider CLI debug output

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.