Introducing new token formats and secret scanning

• 1min read When Vercel API credentials are accidentally committed to public GitHub repositories, gists and npm packages, Vercel now automatically revokes them to protect your account from unauthorized access. • When the exposed credentials are detected, you’ll receive notifications and can review any discoveredtokensandAPI keysin your dashboard. • This detection is powered byGitHub secret scanningand brings an extra layer of security to all Vercel andv0users. • As part of this change, we’ve also updated token and API key formats to make them visually identifiable. • Each credential type now includes a prefix: vcpforVercel personal access tokens vcpforVercel personal access tokens vciforVercel integration tokens vciforVercel integration tokens vcaforVercel app access tokens vcaforVercel app access tokens vcrforVercel app refresh tokens vcrforVercel app refresh tokens vckforVercel API keys vckforVercel API keys We recommend reviewing yourtokensandAPI keysregularly, rotating long-lived credentials, and revoking unused ones. • Learn moreabout account security.

Article Summaries:

• 1 min read When Vercel API credentials are accidentally committed to public GitHub repositories, gists and npm packages, Vercel now automatically revokes them to protect your account from unauthorized access. When the exposed credentials are detected, you’ll receive notifications and can review any discovered tokens and API keys in your dashboard. This detection is powered by GitHub secret scanning and brings an extra layer of security to all Vercel and v0 users. As part of this change, we’ve also updated token and API key formats to make them visually identifiable. Each credential type now in

Sources:

• https://vercel.com/changelog/new-token-formats-and-secret-scanning