PagerDuty
PagerDutymonitoring3 credentials
REST API Key
pagerduty / rest-api-key
PagerDuty REST API keys authenticate automation against the PagerDuty REST API. PagerDuty documents General Access and User Token REST API keys, and states both types are 20-character strings.
Looks like
exampleXXXXXXXXXXXXXXXXXXXXLocation
AuthorizationToken authentication header used for PagerDuty REST API requests
PAGERDUTY_API_KEY, PD_API_KEY, PAGERDUTY_TOKENTerraform provider config, automation .env files, runbooks, and deployment manifests
CI/CD variables, cloud secret managers, and incident automation secrets
incident automation scripts, Terraform modules, tests, and committed examples
API client traces, Terraform logs, and CI output
Notes
REST API keys do not work with PagerDuty Events API calls. User token keys act with the creating user's permissions.
Events API Integration / Routing Key
pagerduty / events-routing-key
PagerDuty Events API integrations use routing keys to route events to a service or event orchestration. PagerDuty distinguishes Events API keys from REST API keys in its API access key documentation.
Looks like
exampleXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXLocation
PAGERDUTY_ROUTING_KEY, PD_ROUTING_KEY, PAGERDUTY_INTEGRATION_KEYmonitoring alert configs, IaC, .env files, and deployment manifests
monitoring platform secrets, CI/CD variables, and cloud secret managers
alerting scripts, examples, and committed service integrations
event submission logs and incident automation traces
integration creation responses containing routing or integration keys
Notes
A leaked routing key can trigger or manipulate events for the associated service or orchestration but does not grant REST API access.
OAuth Access Token
pagerduty / oauth-access-token
PagerDuty supports OAuth access for apps and API integrations. OAuth access tokens authenticate API calls with delegated scopes instead of a static REST API key.
Location
AuthorizationBearer OAuth access token used for PagerDuty API calls
OAuth token endpoint responses containing access_token and refresh_token
app installation token stores
OAuth example config and integration settings
encrypted app secrets and cloud secret managers
OAuth callback logs and token exchange traces
Notes
OAuth token blast radius depends on app scopes, installation, and the user or account context granting access.
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.