lolcreds

Public credential defaults and exposure patterns for authorized security testing.

New Relic

New Relicmonitoring3 credentials

Credentials3 documented
01

User API Key

new-relic / user-api-key

New Relic user API keys authenticate NerdGraph and other account APIs on behalf of a user. New Relic documents user keys as one of the New Relic API key types.

user definedsecretAPI key

Looks like

example
example

New Relic user API key prefix

NRAK-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Location

environment
NEW_RELIC_API_KEY, NEW_RELIC_USER_KEY, NEW_RELIC_API_KEY_US, NEW_RELIC_API_KEY_EU
http header
API-Key

New Relic API key header used by NerdGraph and REST APIs

config file

Terraform provider config, automation .env files, scripts, and deployment manifests

secret store

CI/CD variables, cloud secret managers, and monitoring automation secrets

source code

observability automation, IaC, examples, and committed scripts

logs

API client traces, Terraform logs, and CI output

Notes

User keys inherit the creating user's access and can query or modify New Relic resources according to account permissions.

02

Ingest License Key

new-relic / ingest-license-key

New Relic ingest and license keys are used by agents and telemetry senders to report data to New Relic. New Relic documents license and ingest keys as API key types for telemetry ingestion.

generated on installsecretAPI key

Looks like

example
example

New Relic license/ingest keys are commonly represented as 40-character hexadecimal strings

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Location

environment
NEW_RELIC_LICENSE_KEY, NEW_RELIC_INSERT_KEY, NEW_RELIC_INGEST_KEY
config file

newrelic.yml, agent configs, Helm values, Docker Compose files, and deployment manifests

secret store

Kubernetes Secrets, CI/CD variables, cloud secret managers, and platform app config

source code

agent setup scripts, examples, and accidentally committed telemetry config

logs

agent startup logs, deployment output, and CI traces

Notes

Ingest keys allow sending telemetry to the associated account but usually do not grant query or account-management API access.

03

Browser Monitoring Key

new-relic / browser-license-key

New Relic browser monitoring uses browser-specific keys in client-side JavaScript configuration. New Relic documents browser keys among API key types used by New Relic telemetry products.

generated on installcontext dependentAPI key

Looks like

example
example

New Relic browser monitoring key prefix

NRJS-XXXXXXXXXXXXXXXX

Location

config file

browser agent config, frontend build settings, .env files, and application config

source code

browser bundles, HTML templates, examples, and committed frontend config

logs

frontend build output and browser agent diagnostics

Notes

Browser monitoring keys are deployed to client applications and should be triaged differently from user API keys or license keys.

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.