Algolia
Algoliadatabase4 credentials
Algolia User / Administrator Password
algolia / user-password
Algolia users and administrators authenticate to the Algolia dashboard, account administration, SSO, and API-key management surfaces with user-defined or federated credentials.
Location
/users/sign_in, /account, /apps, /api-keysAlgolia dashboard, application, and API key management contexts
Password managers, enterprise identity providers, break-glass account vaults, and managed credential stores
Sign-in logs, audit events, browser exports, dashboard actions, and support traces
Notes
Catalogs ordinary user/admin credential locations; no static Algolia default password is modeled.
Algolia API Key
algolia / api-key
Algolia API keys authorize Search, Admin, Crawler, and dashboard operations. Official CLI/source behavior uses ALGOLIA_API_KEY, with ALGOLIA_ADMIN_API_KEY retained as a deprecated legacy/admin key variable. The CLI can also store legacy profile keys in ~/.config/algolia/config.toml and newer credentials in the OS keychain with state metadata in state.toml.
Looks like
exampleaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa(?i)(?:algolia)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:\\?['"\x60]|[\s;]|\\[nr]|$)Location
ALGOLIA_API_KEY, ALGOLIA_ADMIN_API_KEYOfficial CLI/source supports ALGOLIA_API_KEY; ALGOLIA_ADMIN_API_KEY is deprecated but still recognized by the CLI
X-Algolia-API-KeyAlgolia API key header used by Algolia clients and REST APIs
/account/api-keys, /apps, /dashboardAlgolia dashboard and API-key management contexts
~/.config/algolia/config.tomlAlgolia CLI legacy profile config that can contain api_key, admin_api_key, and crawler_api_key fields
%USERPROFILE%\.config\algolia\config.tomlWindows home-relative equivalent of the Algolia CLI config path used by the CLI source logic
.env, algolia.config.js, algolia.config.ts, algolia.json, search.config.js, config.js, config.tsProject-local Algolia SDK/application configuration files where ALGOLIA_API_KEY may appear
OS keychain, CI/CD variables, cloud secret managers, platform secret stores, password vaults, and integration vaults
Application code, indexing scripts, crawler configs, tests, notebooks, examples, and infrastructure-as-code
API debug logs, indexing jobs, crawler logs, CI output, exception traces, and support bundles
Notes
ALGOLIA_APPLICATION_ID is required context but not secret material, so it is not listed as a credential-value environment location. The CLI's state.toml mainly tracks selected applications and key UUIDs; actual new-model secrets are stored in the OS keychain.
Search-Only API Key
algolia / search-only-api-key
Algolia search-only API keys are commonly embedded in browser/mobile clients. They are less sensitive than admin keys but still authorize scoped search operations and can expose indexes, filters, and usage patterns.
Looks like
examplebbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbLocation
X-Algolia-API-KeyAlgolia search API key header in client requests
Built frontend bundles, SSR responses, and generated config payloads may expose search-only keys
.env, algolia.config.js, algolia.config.ts, search.config.js, next.config.js, vite.config.jsFrontend and server-rendered application configuration files that may contain search-only keys
Browser/mobile applications, frontend bundles, search widgets, indexing examples, tests, and docs
Frontend build logs, API traces, crawler logs, and support bundles
Notes
Search-only keys are often intentionally client-exposed; triage should consider ACLs, indexes, restrictions, and whether an admin key was exposed instead.
Crawler API Key
algolia / crawler-api-key
Algolia CLI and crawler workflows can store a crawler API key alongside the application API key. Current CLI source stores secrets in the OS keychain and legacy profiles in config.toml.
Looks like
pattern(?i)(crawler[_-]?api[_-]?key|algolia(?:[ \t\w.-]{0,20})crawler)[\s'"]{0,3}(?:=|:|=>|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:\\?['"\x60]|[\s;]|\\[nr]|$)Location
~/.config/algolia/config.tomlLegacy Algolia CLI profile file can contain crawler_api_key
%USERPROFILE%\.config\algolia\config.tomlWindows home-relative equivalent of the Algolia CLI legacy profile file
.env, algolia.config.js, crawler.config.js, crawler.json, config.js, config.tsProject-local crawler and indexing configuration files
OS keychain, CI/CD variables, cloud secret managers, and indexing pipeline secret stores
Crawler configs, indexing jobs, scripts, tests, and automation repositories
Crawler logs, indexing traces, CI output, and support bundles
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.