ngrok
ngroknetwork2 credentials
Agent Authtoken
ngrok / authtoken
The ngrok agent authenticates with an authtoken. The ngrok CLI can write the token to the agent configuration file with ngrok config add-authtoken, and the agent also accepts NGROK_AUTHTOKEN as the corresponding environment variable.
Looks like
exampleNGROK_AUTHTOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXauthtoken: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXLocation
NGROK_AUTHTOKEN~/.config/ngrok/ngrok.yml, ~/Library/Application Support/ngrok/ngrok.ymlOfficial default ngrok agent configuration files on Linux and macOS
%LOCALAPPDATA%\ngrok\ngrok.ymlOfficial default ngrok agent configuration file on Windows
ngrok.yml, ngrok.yaml, docker-compose.yml, compose.yml, .env, .env.local, .env.production, deployment.yaml, values.yamlProject, container, and Kubernetes files that commonly pass the ngrok authtoken to the agent
Docker secrets, Kubernetes Secrets, CI/CD variables, cloud secret managers, and password vaults
Startup scripts, Dockerfiles, compose files, deployment manifests, examples, tests, and documentation snippets
Shell history, container logs, CI traces, startup logs, and debug output that may print config or env vars
Notes
ngrok docs identify NGROK_AUTHTOKEN as the environment variable for the authtoken configuration property. No stable public authtoken prefix was confirmed, so patterns are contextual and include the ngrok-specific key name rather than matching arbitrary opaque strings.
API Key
ngrok / api-key
ngrok API keys authenticate requests to the ngrok API as bearer tokens. The agent configuration also supports the api_key property and NGROK_API_KEY environment variable.
Looks like
exampleNGROK_API_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXapi_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXLocation
NGROK_API_KEYAuthorizationngrok API requests use bearer-token authentication
~/.config/ngrok/ngrok.yml, ~/Library/Application Support/ngrok/ngrok.ymlOfficial default ngrok agent configuration files on Linux and macOS
%LOCALAPPDATA%\ngrok\ngrok.ymlOfficial default ngrok agent configuration file on Windows
ngrok.yml, ngrok.yaml, terraform.tfvars, main.tf, providers.tf, docker-compose.yml, compose.yml, .env, .env.local, .env.production, values.yamlProject-local ngrok, Terraform, container, and deployment files that may contain api_key or NGROK_API_KEY
Terraform Cloud variables, CI/CD variables, Docker secrets, Kubernetes Secrets, cloud secret managers, and password vaults
Terraform provider config, API clients, examples, scripts, tests, and deployment manifests
Terraform logs, API debug logs, shell history, CI traces, and container startup output
Notes
ngrok API documentation shows API keys used as bearer tokens in the Authorization header. Patterns are contextual because no stable public value prefix was confirmed.
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.