lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Harbor

CNCF / VMwareCI/CD3 credentials

Credentials3 documented
01

Harbor Administrator Password

harbor / admin-password

Harbor creates a local administrator account for portal, registry, and API administration. The initial password is deployment-configured in harbor.yml or Helm values.

generated on installuser definedsecretusername/password

Location

public interface
Harbor portal, REST API, Docker/OCI registry endpoints, and robot/account flows
database

Harbor database user and auth tables storing password verifier state

config file
harbor.yml, values.yaml

initial admin password, auth mode, database, Redis, and registry settings

environment
HARBOR_ADMIN_PASSWORD
secret store

Kubernetes Secrets, Helm secrets, Docker Compose secrets, and password vaults

logs

core, portal, registry, jobservice, and authentication logs

Notes

No literal default is modeled; packaged examples often show placeholders, while real deployments set or generate the admin password.

02

Robot Account Token

harbor / robot-account-token

Harbor robot accounts use generated tokens for pull/push automation and CI/CD registry access.

generated on installuser definedsecrettoken

Location

http header
Authorization

Basic authentication with robot account name and token for registry/API access

database

robot account records and token metadata

config file

Docker config.json, Kubernetes imagePullSecrets, CI manifests, and Helm values

environment
HARBOR_ROBOT_TOKEN, HARBOR_TOKEN
secret store

Kubernetes Secrets, CI/CD variables, and vault entries

source code

deployment repos, image pull secret templates, and test configs

logs

registry auth logs and CI output

03

OIDC, LDAP, Database, and Registry Secrets

harbor / oidc-ldap-database-secrets

Harbor deployments store OIDC client secrets, LDAP bind passwords, database passwords, Redis passwords, registry HTTP secrets, token signing material, and scanner/replication credentials.

generated on installuser definedsecretsecret value

Location

config file
harbor.yml, values.yaml

auth, database, Redis, registry, token, scanner, and replication settings

database

replication endpoints, scanner credentials, OIDC/LDAP settings, and encrypted secrets

secret store

Kubernetes Secrets, Docker secrets, external vaults, and Helm secret stores

source code

Helm charts, Terraform, and deployment manifests

artifact

Harbor backups and support bundles

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.