Proxmox Virtual Environment
Proxmox Server Solutions GmbHCI/CD5 credentials
root@pam Password
proxmox-ve / root-pam-password
Proxmox VE uses Linux PAM accounts for host authentication; the installer creates/uses the root account and root@pam is the default administrative realm identity for the web UI, API, SSH, and console.
Location
Proxmox VE web UI, API, SSH, and console/etc/shadowLinux shadow password hash for root and other PAM users
password managers, cluster deployment vaults, and installer answer files
lab automation, Terraform/Ansible inventories, and cluster bootstrap scripts
installer logs, API client traces, and authentication failure logs
Notes
There is no universal Proxmox root password; it is set during installation or deployment.
Proxmox VE API Token
proxmox-ve / pve-api-token
Proxmox VE supports API tokens scoped to a user and token ID. Tokens are commonly used by Terraform, Ansible, backup tooling, and monitoring integrations.
Looks like
patternPVEAPIToken=[^!\s]+![^=\s]+=\S+^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$Location
AuthorizationPVEAPIToken header used for API token authentication
Terraform provider config, Ansible inventory, .env files, and CLI configs
PM_API_TOKEN_ID, PM_API_TOKEN_SECRET, PROXMOX_VE_API_TOKENCI/CD variables, cloud secret managers, and vault entries
infrastructure-as-code repositories and test fixtures
API client debug logs and CI output
Login Ticket and CSRF Prevention Token
proxmox-ve / ticket-and-csrf-token
Password login to the Proxmox API returns a PVEAuthCookie ticket and CSRFPreventionToken for authenticated browser/API sessions.
Looks like
patternPVE:[^:]+:[A-Za-z0-9+/=:.%-]+Location
CookiePVEAuthCookie session ticket
CSRFPreventionTokenCSRF token required for mutating API requests with ticket authentication
Set-CookiePVEAuthCookie returned by API login
HTTP traces and API client debug output
Cluster Authentication Key / Certificate Material
proxmox-ve / cluster-auth-key
Proxmox clusters maintain authentication keys and certificate material under /etc/pve/priv used by pvedaemon, pveproxy, and cluster nodes. Exposure may permit impersonation or decryption depending on the file.
Looks like
pattern-----BEGIN (RSA |OPENSSH |EC |)PRIVATE KEY-----Location
/etc/pve/priv/cluster private keys, auth keys, and certificate material replicated through pmxcfs
node backups and cluster recovery vaults
Proxmox backup archives and support bundles
Storage, Backup, and Integration Secrets
proxmox-ve / storage-backup-secrets
Proxmox VE stores credentials for storage backends, Proxmox Backup Server, Ceph/RBD, CIFS, LDAP/AD realms, ACME DNS plugins, and notification targets.
Location
/etc/pve/storage.cfg, /etc/pve/priv/storage/*, realm.cfg, acme plugin config, and backup job config
cluster secret files under /etc/pve/priv and external vaults
cluster provisioning scripts and IaC modules
task logs, backup logs, and storage connection errors
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.