Vercel Workflow now encrypts all user data end-to-end without requiring any code changes. Workflow inputs, step arguments, return values, hook payloads, and stream data are automatically encrypted before being written to the event log. This makes it safe to pass sensitive data, such as API keys, tokens, or user credentials, across boundaries. The event log only ever stores ciphertext, while your step functions work exactly as before. Your workflow and step functions work exactly as before; all data flowing through the event log is encrypted automatically. Each Vercel deployment receives a unique encryption key.

The key derivation and encryption stack works as follows: You can access encrypted data through two methods: : Click the Decrypt button in the run detail panel. Decryption happens entirely in the browser via the Web Crypto API, so the observability server never sees your plaintext data. Add the flag to the command.Web dashboardCLI:--decryptinspect Decryption follows the same permissions model as project environment variables, meaning you cannot access workflow data if you lack permission to view environment variables. Each decryption request is recorded in your Vercel…