Vercel API Token

Bridgecrew Policy ID: BC_GIT_74
Chekov Check ID: CKV_SECRET_74
Severity: LOW

Vercel API Token


Vercel Access Tokens are required to authenticate and use the Vercel API. Tokens can be created and managed inside your account settings, and can be scoped to only allow access for specific Teams.

Fix - Buildtime


Step 1: Revoke the key

  1. On Vercel, click on the avatar, then Account
  2. Click on the API Tokens
  3. Find the API Token you want to revoke and click on the trash icon

Step 2: Monitor for abuse