Apache ZooKeeper
Apache Software Foundationmiddleware4 credentials
Digest ACL Username / Password
apache-zookeeper / digest-acl-credential
ZooKeeper ACLs support the digest scheme, which uses a username:password string to generate an ACL identity. ZooKeeper documents that authentication is performed by sending username:password and ACLs store the username with a base64-encoded SHA1 password digest.
Looks like
patterndigest:[^:\s]+:[A-Za-z0-9+/=]+addauth\s+digest\s+[^:\s]+:[^\s]+Location
ZooKeeper znodes storing ACLs with digest identities
client config, application config, JAAS files, and deployment manifests
Kubernetes Secrets, cloud secret managers, and platform vault entries
ZooKeeper client code, tests, scripts, and committed configs
client debug logs, command history, and ACL troubleshooting output
ZooKeeper client port 2181Notes
Digest credentials protect znodes according to ACL permissions. Avoid sending digest username:password over untrusted networks without TLS.
SASL / JAAS Secret
apache-zookeeper / sasl-jaas-secret
ZooKeeper supports pluggable authentication and SASL configuration. JAAS files used by ZooKeeper servers and clients can contain usernames, passwords, keytabs, or other mechanism-specific secret material.
Looks like
pattern(?:username|password)=\"[^\"\r\n]+\"Location
jaas.conf, zoo.cfg, java.envZooKeeper server/client JAAS and authentication configuration
JVMFLAGS, SERVER_JVMFLAGS, CLIENT_JVMFLAGSJava system properties pointing to JAAS config or auth settings
Kerberos keytabs, Kubernetes Secrets, cloud secret managers, and deployment vaults
deployment manifests, Helm charts, tests, and committed JAAS configs
startup logs and SASL authentication debug traces
Notes
Depending on mechanism, the credential may be a password, Kerberos keytab, or service principal secret.
TLS Keystore / Truststore Password
apache-zookeeper / tls-keystore-password
ZooKeeper TLS settings include keyStore and trustStore locations and passwords for client and quorum TLS connections. ZooKeeper documents ssl.keyStore.password and ssl.quorum.keyStore.password configuration.
Looks like
patternzookeeper\.ssl\.(?:keyStore|trustStore)\.password=[^\s]+ssl\.(?:keyStore|trustStore)\.password\s*=\s*[^\r\n]+Location
zoo.cfg, java.env, JVM system propertiesZooKeeper TLS keystore and truststore configuration
Java keystores, Kubernetes Secrets, cloud secret managers, and deployment vaults
Helm charts, Docker Compose files, and committed config
ensemble images containing keystores and config
TLS startup and troubleshooting output
Notes
Keystore passwords can unlock private keys used for ZooKeeper client or quorum TLS authentication.
Super Digest
apache-zookeeper / super-digest
ZooKeeper can configure a super user digest for administrative access. The superDigest value is secret-equivalent because it grants elevated ACL bypass behavior to clients authenticating as the configured super user.
Looks like
patternzookeeper\.DigestAuthenticationProvider\.superDigest=[^\s]+Location
zoo.cfg, java.env, service unit files, and JVM system properties
JVMFLAGS, SERVER_JVMFLAGSconfiguration management vaults and Kubernetes Secrets
deployment scripts and committed ensemble config
process listings, startup logs, and service manager output
Notes
superDigest should be treated as highly privileged administrative secret material, not as a normal application password.
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.