lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Portainer / Rancher

Portainer / SUSE RancherCI/CD4 credentials

Credentials4 documented
01

Initial Administrator Password

portainer-rancher / admin-password

Portainer and Rancher both create an initial administrator through setup or bootstrap flows for UI/API access to container and Kubernetes environments.

generated on installuser definedsecretusername/password

Location

public interface
Portainer UI/API and Rancher UI/API
database

Portainer database or Rancher management cluster storing users, auth providers, and password hashes

config file

Docker Compose, Helm values, bootstrap password, and deployment manifests

secret store

Kubernetes Secrets, Docker secrets, password vaults, and bootstrap secrets

logs

server, API, auth, and setup logs

Notes

No shared universal admin password is modeled; setup flows create or display one-time/bootstrap credentials.

02

API Access Token / Key

portainer-rancher / api-access-token

Portainer and Rancher issue API tokens/access keys for CLI, API, Terraform, GitOps, and automation clients.

generated on installuser definedsecretAPI key

Location

http header
Authorization

Bearer token or access key used by Portainer/Rancher APIs

database

API key/token records, access keys, and session stores

config file

CLI configs, Terraform providers, kubeconfigs, scripts, and .env files

environment
PORTAINER_TOKEN, RANCHER_TOKEN, CATTLE_ACCESS_KEY, CATTLE_SECRET_KEY
secret store

CI/CD variables, Kubernetes Secrets, and vaults

source code

cluster automation repos, GitOps configs, and tests

logs

API client traces and controller logs

03

Kubeconfig / Cluster Registration Secret

portainer-rancher / kubeconfig-and-cluster-secret

Rancher and Portainer manage Kubernetes clusters using kubeconfigs, service account tokens, registration tokens, agent secrets, and cluster certificates.

generated on installuser definedsecrettoken

Looks like

pattern
pattern

JWT-style Kubernetes/Rancher service account or API token

eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+
pattern

private key in kubeconfig or cluster certificate material

-----BEGIN (RSA |EC |ENCRYPTED |)PRIVATE KEY-----

Location

config file
kubeconfig, values.yaml, docker-compose.yml

cluster credentials, agent registration tokens, and service account tokens

secret store

Kubernetes Secrets, Rancher cattle-system secrets, Portainer endpoint credentials, and vaults

artifact

cluster backups, exported kubeconfigs, and support bundles

source code

GitOps repositories and cluster bootstrap scripts

04

Registry, LDAP, OAuth, and Git Integration Secrets

portainer-rancher / registry-ldap-oauth-secrets

Portainer/Rancher deployments store registry credentials, LDAP/OIDC client secrets, Git repository credentials, cloud provider keys, and webhook secrets.

user definedgenerated on installsecretsecret value

Location

database

registry, endpoint, auth provider, and Git integration credential records

config file

Helm values, environment files, provider configs, and app templates

secret store

Kubernetes Secrets, Docker secrets, cloud secret managers, and vaults

logs

auth provider, registry, Git, and controller debug logs

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.