When Vercel API credentials are accidentally committed to public GitHub repositories, gists and npm packages, Vercel now automatically revokes them to protect your account from unauthorized access. When the exposed credentials are detected, you'll receive notifications and can review any discovered and in your dashboard. This detection is powered by and brings an extra layer of security to all Vercel and v0 users.tokensAPI keysGitHub secret scanning As part of this change, we've also updated token and API key formats to make them visually identifiable.

Each credential type now includes a prefix: We recommend reviewing your and regularly, rotating long-lived credentials, and revoking unused ones.tokensAPI keys about account security.Learn more Read more for vcpVercel personal access tokens for vciVercel integration tokens for vcaVercel app access tokens for vcrVercel app refresh tokens for vckVercel API keys