lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Sentry

Sentrymonitoring3 credentials

Credentials3 documented
01

API Auth Token

sentry / auth-token

Sentry API authentication tokens authenticate as a user or organization account. Sentry documents that auth tokens are passed in the Authorization header using Bearer authentication.

user definedsecrettoken

Location

environment
SENTRY_AUTH_TOKEN, SENTRY_TOKEN
http header
Authorization

Bearer token used for Sentry API requests

config file

.sentryclirc, .env files, release automation config, and CI manifests

secret store

CI/CD variables, cloud secret managers, and deployment secrets

source code

release scripts, source-map upload tooling, and committed SDK config

logs

API client debug output, sentry-cli logs, and CI traces

Notes

Token blast radius depends on the scopes granted to the token and whether it belongs to a user account or an organization account.

02

Project DSN

sentry / dsn

Sentry DSNs configure SDK event ingestion. Sentry documents the DSN as a URL containing protocol, public key, optional secret key, host, path, and project identifier.

generated on installcontext dependenttoken

Looks like

example
example

Sentry DSN URL with public key and optional legacy secret key

https://[email protected]/0000000

Location

environment
SENTRY_DSN, NEXT_PUBLIC_SENTRY_DSN, VITE_SENTRY_DSN
config file

SDK initialization config, .env files, frontend build config, and mobile app config

source code

Sentry.init calls, committed examples, source maps, and frontend bundles

logs

application startup logs and SDK diagnostic output

Notes

Modern DSNs are often intentionally embedded in client code for event submission, but they still identify the project ingest endpoint and can be abused for noisy event injection.

03

OAuth Client Secret

sentry / oauth-client-secret

Sentry OAuth applications exchange authorization codes at the token endpoint using a client_id and client_secret. Sentry documents the client_secret parameter in OAuth token requests.

generated on installsecretsecret value

Location

environment
SENTRY_CLIENT_ID, SENTRY_CLIENT_SECRET
config file

OAuth backend config, .env files, and deployment manifests

secret store

cloud secret managers, hosted app secrets, and CI/CD variables

source code

OAuth examples, tests, and accidentally committed integration config

logs

token exchange request dumps and OAuth troubleshooting output

Notes

Client secret exposure can allow impersonation of the Sentry OAuth application during token exchange flows.

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.