Vercel automatically detects and revokes exposed credentials. Learn about new token formats, new automated secret scanning, and partnership in GitHub's secret scanning program.

Vercel is a platform for deploying modern web applications with speed and simplicity, offering developers a seamless experience for hosting and scaling their projects. With features like instant deployment, serverless functions, and global CDN, Vercel empowers developers to focus on building great user experiences without worrying about infrastructure management.

Vercel

Vercel now automatically detects and revokes API credentials accidentally exposed in public GitHub repositories, Gists, and npm packages. The platform has introduced new token formats with visual prefixes (vcp, vci, vca, vcr, vck) to identify different credential types. When exposed credentials are detected through GitHub secret scanning integration, users receive notifications and can review affected tokens in their dashboard. Users are encouraged to regularly review tokens, rotate long-lived credentials, and revoke unused ones.

Introducing new token formats and secret scanning