Skip to content

Vercel Git Integration Token

Service Name: Vercel

Service Description: Vercel is a cloud platform for static sites and Serverless Functions that enables developers to host websites and web applications with ease. It provides seamless integration with various git providers like GitHub, GitLab, and Bitbucket.

Service Address: https://vercel.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the team level in Vercel's security settings.

Secret Access Scope: Grants access to deploy projects, manage deployments, and interact with Vercel's API on behalf of a user or team. Can access git repositories connected to Vercel projects.

Secret Revokement URL: https://vercel.com/account/tokens

Secret Example: vercel_git_token_1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9s0t

Suspicious Activity Investigation Instructions:

  • Review recent deployments in the Vercel dashboard for unauthorized or unexpected deployments.
  • Check git integration settings for any unauthorized repository connections.
  • Review API logs for unusual activity or access patterns.
  • Verify if there were any unexpected changes to project configurations or environment variables.
  • Check for unauthorized team member additions or permission changes.

Mitigation Instructions:

  • Log in to your Vercel account at https://vercel.com/
  • Navigate to Account Settings by selecting your profile picture in the upper-right corner.
  • Select "Tokens" from the left sidebar.
  • Locate the compromised token and click "Delete".
  • Generate a new token if needed with appropriate scopes.
  • Review and update git integration settings for all projects.
  • Consider enabling two-factor authentication for additional security.
  • Review team member access and permissions to ensure they are appropriate.