lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Ansible Tower / Automation Controller

Red HatCI/CD3 credentials

Credentials3 documented
01

OAuth2 / Personal Access Token

ansible-tower / oauth2-token

Ansible Tower and Automation Controller support OAuth2 token authentication for API access. Tokens are used by CLI, API clients, and automation integrations instead of passwords.

generated on installsecrettoken

Location

http header
Authorization

Bearer token used for Automation Controller API requests

database

controller database tables storing OAuth applications and tokens

environment
TOWER_OAUTH_TOKEN, CONTROLLER_OAUTH_TOKEN, AWX_TOKEN
config file

awx CLI config, automation scripts, .env files, and CI manifests

secret store

CI/CD variables, credential stores, Kubernetes Secrets, and cloud secret managers

source code

playbooks, tests, and committed API clients

logs

API client traces and CI output

Notes

Token privileges follow the owning user, OAuth application, scopes, and RBAC configuration.

02

Administrator/User Password

ansible-tower / admin-user-password

Automation Controller users authenticate to the web UI and API through local, LDAP, SAML, or other configured authentication backends. Local admin credentials are created during installation or provisioning.

generated on installuser definedsecretusername/password

Location

database

controller database user tables and password verifier state for local accounts

public interface
Automation Controller UI and API
environment
ADMIN_PASSWORD, TOWER_ADMIN_PASSWORD, CONTROLLER_ADMIN_PASSWORD
secret store

installer inventory secrets, Kubernetes Secrets, Ansible Vault, and password managers

source code

installer inventories, playbooks, tests, and committed variables

logs

installer logs, setup output, and authentication traces

Notes

There is no universal Tower administrator password; it is generated or set during deployment.

03

Stored Automation Credential

ansible-tower / stored-credential-secret

Automation Controller stores machine, SCM, cloud, vault, and custom credentials for use by jobs. Red Hat documentation covers secret handling for sensitive values in the controller.

user definedsecretsecret value

Location

database

controller database storing encrypted credential fields

secret store

Ansible Vault, Kubernetes Secrets, external credential plugins, and cloud secret managers

config file

installer inventory, controller settings, and credential plugin configuration

source code

exported surveys, test fixtures, and accidentally committed inventories

logs

job output, callback logs, and debugging traces if no_log is missing

Notes

Stored credentials may be SSH private keys, sudo passwords, cloud keys, SCM tokens, vault passwords, and arbitrary integration secrets.

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.