lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Adafruit

Adafruitsaas4 credentials

Credentials4 documented
01

Adafruit User Password

adafruit / user-password

Adafruit users authenticate to Adafruit and Adafruit IO web interfaces with user-defined account credentials. This entry models ordinary user login context and does not claim a static vendor default.

user definedsecretusername/password

Location

public interface
/users/sign_in, /account, /io

Adafruit account and Adafruit IO web sign-in contexts

secret store

Password managers, enterprise IdP stores, break-glass account vaults, and team credential stores

logs

Web sign-in logs, audit events, support traces, browser exports, and copied troubleshooting output

Notes

No static Adafruit default password was found or modeled.

02

Adafruit IO Key

adafruit / adafruit-io-key

Adafruit IO keys authenticate REST and MQTT access to Adafruit IO feeds, groups, and dashboard data. Official API docs show the key sent in the X-AIO-Key header or x-aio-key query parameter; official CircuitPython and Arduino examples store the key in settings.toml or config.h.

generated on installuser definedsecretAPI key

Looks like

example
example

Adafruit IO docs and Betterleaks adafruit-api-key rule use 32 lowercase hex-like API keys; use only with Adafruit-specific context

b780002b85d6411ca0ad9f9c60195f72
example

Contextual Adafruit/Adafruit IO key assignment compatible with Betterleaks adafruit-api-key structure

adafruit_api_key = b780002b85d6411ca0ad9f9c60195f72

Location

environment
ADAFRUIT_AIO_KEY

Official CircuitPython examples read this key from settings.toml using os.getenv

http header
X-AIO-Key

Official Adafruit IO API header for API-key authentication

public interface
/api/v2

Adafruit IO REST API endpoints that accept X-AIO-Key or x-aio-key

config file
settings.toml, secrets.py, config.h, secrets.h, .env

CircuitPython, Python, Arduino, and local environment files that commonly store Adafruit IO credentials

secret store

CI/CD variables, microcontroller secrets stores, cloud secret managers, password vaults, and automation vaults

source code

CircuitPython code, Arduino sketches, Python scripts, notebooks, examples, tests, and MQTT/REST clients

logs

Serial console logs, MQTT client logs, REST debug logs, CI output, exception traces, and support bundles

Notes

The bare 32-character key pattern is intentionally documented as contextual; scanners should require Adafruit-specific locations, headers, config keys, or surrounding text to avoid matching arbitrary hex strings.

03

Adafruit IO Username

adafruit / adafruit-io-username

Adafruit IO clients pair the account username with an IO key for REST and MQTT authentication. The username is not secret by itself, but it is useful triage context next to an Adafruit IO key.

user definedpublic by designother

Location

environment
ADAFRUIT_AIO_USERNAME
config file
settings.toml, secrets.py, config.h, secrets.h, .env

CircuitPython, Python, Arduino, and local environment files that commonly store Adafruit IO usernames

source code

Adafruit IO client examples and application code that pairs username with key material

Notes

Username findings should not create secret findings alone; use them as context for nearby Adafruit IO key material.

04

Adafruit IO MQTT Credential

adafruit / mqtt-credential

Adafruit IO MQTT clients authenticate with the Adafruit IO username and IO key. Embedded sketches and IoT configuration often store these together with Wi-Fi credentials.

user definedsecretsecret value

Location

config file
settings.toml, secrets.py, config.h, secrets.h

Microcontroller and IoT project files containing Adafruit IO username/key pairs and MQTT client configuration

secret store

Device provisioning stores, CI/CD variables, password vaults, and firmware build secret stores

source code

Arduino sketches, CircuitPython examples, MQTT scripts, device firmware, and tests

logs

Serial console logs, MQTT connection logs, firmware debug logs, and captured device output

Notes

Generic Wi-Fi SSIDs/passwords are not modeled here; this block is scoped to Adafruit IO credential use in MQTT/device clients.

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.