lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Wiki.js

Requarkscms3 credentials

Credentials3 documented
01

Administrator/User Password

wikijs / administrator-password

Wiki.js users authenticate to the admin UI, wiki UI, and GraphQL API through local or external authentication strategies. The initial administrator is created during setup.

generated on installuser definedsecretusername/password

Location

public interface
Wiki.js web login, admin UI, and GraphQL API
database

Wiki.js user and authentication tables containing password verifier data

config file
config.yml

runtime configuration and auth strategy settings

secret store

Docker/Kubernetes secrets and password managers

source code

deployment manifests and setup automation

logs

setup logs and authentication traces

02

API Key / JWT Token

wikijs / api-key-jwt-token

Wiki.js API and integrations use API keys or bearer tokens for GraphQL and automation access.

generated on installuser definedsecretAPI key

Location

http header
Authorization

Bearer token/API key used for Wiki.js GraphQL/API requests

database

API key/token records and user sessions

config file

integration scripts, .env files, and automation configs

environment
WIKIJS_API_KEY, WIKIJS_TOKEN
secret store

CI/CD variables and vault entries

source code

automation repositories and tests

logs

GraphQL client traces and debug logs

03

Database, Storage, and Authentication Strategy Secrets

wikijs / database-storage-auth-secrets

Wiki.js config includes database credentials, session/JWT secrets, Git/storage integration credentials, SMTP passwords, and OAuth/SAML/LDAP authentication strategy secrets.

generated on installuser definedsecretsecret value

Location

config file
config.yml

database connection, bind address, SSL, and runtime settings

database

authentication strategy, storage target, and integration secret records

environment
DB_PASS, DB_PASSWORD, WIKI_DB_PASS, WIKIJS_DB_PASSWORD
secret store

Kubernetes Secrets, Docker secrets, and cloud secret managers

source code

Docker Compose files, Helm values, and committed configs

artifact

Wiki.js backups and exported configuration

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.