Baidu Qianfan
Baidu AI CloudAI API1 credential
API Key / Secret Key
baidu-qianfan / api-key-secret-key
Baidu Qianfan and Wenxin Workshop integrations use API Key and Secret Key material to obtain access tokens or authenticate model-service calls. The resulting access token is then used as bearer-style request credential material.
Looks like
exampleaccess_token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXLocation
BAIDU_API_KEY, BAIDU_SECRET_KEY, QIANFAN_ACCESS_KEY, QIANFAN_SECRET_KEYAuthorizationbearer-style request credential when integrations use an access token header
token-exchange responses that return access_token values
SDK examples, notebooks, server config, committed .env files
.env, deployment manifests, local shell profiles, application config
CI/CD variables, Baidu Cloud secret stores, hosted app settings
OAuth/token exchange logs and request URLs containing access_token
Notes
Baidu credentials often appear as a key pair plus a generated access token. Rotate the API Key / Secret Key pair if either half or any derived access token is exposed.
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.