Introducing new token formats and secret scanning

Published: 3 days ago (February 9, 2026 at 08:00 AM EST)

1 min read

Source: Vercel Blog

Changelog Light
Changelog Dark

Automatic revocation of exposed credentials

When API credentials are accidentally committed to public GitHub repositories, Gists, or npm packages, Vercel now automatically revokes them to protect your account from unauthorized access.

When exposed credentials are detected, you’ll receive notifications and can review any discovered tokens and API keys in your dashboard. This detection is powered by GitHub secret scanning and adds an extra layer of security for all Vercel and V0 users.

Updated token and API key formats

As part of this change, token and API key formats have been updated to make them visually identifiable. Each credential type now includes a distinct prefix.

We recommend reviewing your tokens and API keys regularly, rotating long‑lived credentials, and revoking any that are unused.

Learn more about account security.

Introducing new token formats and secret scanning

Automatic revocation of exposed credentials

Updated token and API key formats

Related posts

Making Gemini CLI extensions easier to use

Making Gemini CLI extensions easier to use

Vercel's CEO offers to cover expenses of 'Jmail'

vercel logs CLI command now optimized for agents with historical log querying