Microsoft SharePoint
Microsoftsaas4 credentials
SharePoint Add-in / Azure AD App Client Secret
sharepoint / add-in-client-secret
SharePoint add-ins and Microsoft Entra ID applications use client IDs with client secrets or certificates for app-only access to SharePoint resources.
Location
AuthorizationBearer access token minted for SharePoint app-only/API calls
web.config, appsettings.json, Azure Functions settings, PowerShell scripts, and deployment manifests
CLIENT_SECRET, SHAREPOINT_CLIENT_SECRET, AZURE_CLIENT_SECRETAzure Key Vault, app service settings, CI/CD variables, and password managers
SharePoint add-ins, migration scripts, and integration repos
OAuth debug logs and HTTP traces
App-only Certificate Private Key
sharepoint / certificate-private-key
Certificate-based SharePoint app-only authentication uses private keys associated with registered apps or add-ins.
Looks like
pattern-----BEGIN (RSA |PRIVATE |ENCRYPTED )?PRIVATE KEY-----Location
PFX/PEM files, appsettings, PowerShell certificate paths, and deployment packages
Azure Key Vault certificates, local certificate stores, and CI secret files
build artifacts, migration bundles, and backups
Webhook Client State Secret
sharepoint / webhook-client-state
SharePoint webhook subscriptions can include a clientState value used by receivers to validate notifications.
Location
webhook subscription metadata containing clientState
webhook receiver configuration and deployment manifests
Azure Key Vault and app settings
webhook receiver source and tests
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.