lolcreds

Public credential defaults and exposure patterns for authorized security testing.

OpenAI

OpenAIAI API1 credential

Credentials1 documented
01

API Key

openai / api-key

OpenAI API keys authenticate requests to the OpenAI API. OpenAI's quickstart instructs users to create an API key, store it securely, and export it as OPENAI_API_KEY for SDK and CLI use.

user definedsecretAPI key

Looks like

example
example

project-scoped OpenAI API key form commonly seen in current deployments

sk-proj-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
example

service-account OpenAI API key form

sk-svcacct-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
example

legacy OpenAI API key form without the project/service-account qualifier

sk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Location

environment
OPENAI_API_KEY
http header
Authorization

Bearer token used by OpenAI API calls

source code

application config, examples, notebooks, CLI scripts, committed .env files

config file

.env, deployment manifests, serverless settings, local shell profiles

secret store

CI/CD variables, cloud secret managers, platform environment stores

logs

request dumps or debug logs that include Authorization headers

Notes

OpenAI API keys are bearer credentials. Treat exposure according to the project, organization, and permissions attached to the key, and rotate any key that appears in source code, logs, notebooks, or shared deployment configuration.

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.