lolcreds

Public credential defaults and exposure patterns for authorized security testing.

vLLM

vLLM ProjectAI API6 credentials

Credentials6 documented
01

Unauthenticated OpenAI-compatible Server

vllm / unauthenticated-openai-server

vLLM serves an OpenAI-compatible HTTP API. Authentication is only enforced when API keys are configured with --api-key or VLLM_API_KEY, so many local or internal deployments expose /v1 endpoints without a credential.

no authcontext dependentother

Unauthenticated access

open default
no authentication required
username
none
password
none

Location

public interface
/v1/models, /v1/chat/completions, /v1/completions, /v1/embeddings, /v1/audio/transcriptions, /v1/audio/translations, /health, /metrics

vLLM OpenAI-compatible API and health/metrics endpoint contexts

environment
VLLM_API_KEY, VLLM_HOST_IP
config file
docker-compose.yml, compose.yml, values.yaml, deployment.yaml, service.yaml, ingress.yaml, .env, .env.production

Container and Kubernetes deployment files that may expose an unauthenticated vLLM service

logs

vLLM server logs, access logs, reverse-proxy logs, Kubernetes logs, and gateway traces

Notes

This represents absence of authentication, not a secret value. It is useful for scanners because externally reachable unauthenticated inference APIs can leak data, incur compute cost, or allow model abuse.

02

vLLM API Key

vllm / api-key

vLLM supports API-key authentication for the OpenAI-compatible server. The CLI --api-key option takes precedence over VLLM_API_KEY, and clients send the configured key as a bearer token in the Authorization header.

user definedgenerated on installsecretAPI key

Location

http header
Authorization

Bearer token used by OpenAI-compatible vLLM clients

environment
VLLM_API_KEY, OPENAI_API_KEY
config file
.env, .env.local, .env.production, docker-compose.yml, compose.yml, values.yaml, deployment.yaml, service.yaml, config.yaml, config.yml

Project-local, container, Kubernetes, and gateway configuration files containing API keys or --api-key arguments

secret store

Kubernetes Secrets, Docker secrets, CI/CD variables, cloud secret managers, inference-platform secrets, and password vaults

source code

OpenAI SDK clients, notebooks, agent configs, tests, examples, MCP servers, and committed application code

logs

API debug logs, proxy logs, request traces, notebook output, CI traces, and exception reports

Notes

vLLM API keys are user-chosen opaque values; no stable upstream prefix is documented. Detect them by env/header/CLI context rather than value shape.

03

Hugging Face Model Access Token

vllm / huggingface-model-token

vLLM commonly downloads models from Hugging Face. Gated or private models require Hugging Face access tokens passed through environment variables, CLI arguments, cache files, or deployment secret stores.

user definedgenerated on installsecrettoken

Looks like

example
example

Hugging Face access token used by vLLM model download and runtime workflows

hf_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Location

environment
HF_TOKEN, HUGGING_FACE_HUB_TOKEN
config file
~/.cache/huggingface/token, ~/.cache/huggingface/stored_tokens, /root/.cache/huggingface/token, /root/.cache/huggingface/stored_tokens, /home/vllm/.cache/huggingface/token, /home/vllm/.cache/huggingface/stored_tokens

Linux Hugging Face token cache files used inside hosts and containers

config file
%USERPROFILE%\\.cache\\huggingface\\token, %USERPROFILE%\\.huggingface\\token

Windows Hugging Face token cache files used by development hosts

config file
.env, docker-compose.yml, compose.yml, values.yaml, deployment.yaml, config.yaml, config.yml

Deployment configuration that injects Hugging Face tokens for vLLM workers

secret store

Kubernetes Secrets, Docker secrets, CI/CD variables, cloud secret managers, model-registry secrets, and password vaults

source code

model-serving scripts, notebooks, CI workflows, examples, and committed deployment code

logs

model download logs, CI traces, container logs, failed authentication messages, and support bundles

Notes

A Hugging Face token can grant access to private or gated model artifacts and may be reused outside vLLM. HUGGINGFACEHUB_API_TOKEN was omitted from the environment location because current official Hugging Face Hub source/docs checked in this session use HF_TOKEN and HUGGING_FACE_HUB_TOKEN for token material.

04

OpenAI-compatible Client / Gateway Secret

vllm / openai-compatible-client-secret

vLLM deployments frequently sit behind OpenAI-compatible gateways, proxies, service meshes, or multi-tenant routers. These layers may use their own API keys, master keys, proxy authorization tokens, or OAuth bearer tokens before forwarding traffic to vLLM.

user definedgenerated on installsecrettoken

Location

http header
Authorization, X-API-Key, Proxy-Authorization

Headers commonly used by OpenAI-compatible clients, gateways, and reverse proxies in front of vLLM

public interface
/v1/chat/completions, /v1/completions, /v1/embeddings, /v1/models

OpenAI-compatible endpoint contexts served by vLLM or a gateway

environment
OPENAI_API_KEY, VLLM_API_KEY, LITELLM_MASTER_KEY, WEBUI_SECRET_KEY, OPEN_WEBUI_SECRET_KEY
config file
.env, .env.local, docker-compose.yml, compose.yml, values.yaml, litellm.yaml, config.yaml, config.yml, deployment.yaml, ingress.yaml

Gateway, proxy, OpenAI-compatible client, and Kubernetes/container deployment configuration files

secret store

Kubernetes Secrets, Docker secrets, CI/CD variables, cloud secret managers, API gateway secret stores, and password vaults

source code

agent frameworks, notebooks, demos, tests, SDK clients, MCP servers, and committed gateway code

logs

gateway logs, proxy logs, API client traces, notebook output, and CI logs

Notes

This block is product-focused because vLLM's native OpenAI-compatible API is commonly protected by external auth rather than a built-in user database.

05

TLS Private Key / Certificate Material

vllm / tls-private-key

vLLM's OpenAI-compatible server supports TLS-related server options and is often deployed behind TLS-terminating ingress or reverse proxies. Private keys used for vLLM or its gateway are sensitive.

user definedgenerated on installsecretkey pair

Looks like

pattern
pattern

PEM private key used by vLLM HTTPS serving, ingress, or reverse-proxy TLS termination

-----BEGIN (?:RSA |EC |)PRIVATE KEY-----

Location

config file
tls.key, server.key, privkey.pem, fullchain.pem, cert.pem, /etc/tls/tls.key, /etc/ssl/private/server.key

Common TLS key/certificate files used by vLLM servers, containers, and reverse proxies Let's Encrypt live certificate directories are deployment-specific and omitted from path to avoid globs.

config file
docker-compose.yml, compose.yml, values.yaml, deployment.yaml, ingress.yaml, nginx.conf, traefik.yml, caddy.json, Caddyfile

Deployment and reverse-proxy configuration referencing TLS secrets

secret store

Kubernetes TLS Secrets, Docker secrets, cloud certificate stores, cloud secret managers, and password vaults

artifact

container images, Helm chart packages, deployment bundles, VM snapshots, and support bundles

logs

TLS startup errors, ingress/controller logs, reverse-proxy logs, and deployment traces

Notes

Certificate public chains are not secrets; private keys and any passphrases protecting them are secrets.

06

Prompt / Request / Model Artifact Leakage

vllm / prompt-request-and-model-leakage

vLLM request bodies, OpenAI-compatible traces, chat templates, model paths, LoRA/adapters, and downloaded model caches can contain proprietary prompts, copied secrets, private model artifacts, or sensitive tenant data.

user definedgenerated on installcontext dependentsecret value

Location

public interface
/v1/chat/completions, /v1/completions, /v1/embeddings, /metrics

Endpoint contexts where prompts, embeddings, and metrics can expose sensitive request or tenant data

environment
VLLM_CONFIG_ROOT, VLLM_USAGE_SOURCE, VLLM_LOGGING_LEVEL, VLLM_HOST_IP, VLLM_DEBUG_LOG_API_SERVER_RESPONSE
config file
.env, config.yaml, config.yml, chat_template.jinja, chat_template.json

Project-local vLLM deployment configuration and chat template files. VLLM_CONFIG_ROOT defaults to ~/.config/vllm, but exact files under that directory are deployment-defined.

artifact
~/.cache/huggingface/hub, /root/.cache/huggingface/hub, /home/vllm/.cache/huggingface/hub, /models, /mnt/models, /data/models

Model cache and mounted model artifact paths used by vLLM deployments

logs

vLLM request logs, gateway logs, OpenAI SDK debug traces, distributed worker logs, Ray logs, Kubernetes logs, and notebook output

artifact

model cache archives, LoRA adapter bundles, container images, volume snapshots, notebook exports, and support bundles

Notes

This block is context-dependent: model files are often legitimate artifacts, but scanner hits in request logs, chat templates, model caches, and adapter bundles may expose prompts, tenant data, copied secrets, or proprietary models.

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.