Vercel API tokens have not expired
authentication_token_not_expired
Vercel API tokens are assessed for expiration status to identify expired tokens or those about to expire within a configurable threshold (default: 7 days). Tokens about to expire are flagged proactively so they can be rotated before causing disruptions. Tokens without an expiration date are considered valid.
Risk
Expired tokens indicate poor token lifecycle management. Tokens about to expire risk imminent service disruption if not rotated in time. Integrations or CI/CD pipelines relying on expired or soon-to-expire tokens will fail silently.
prowler vercel --checks authentication_token_not_expired
Recommendation
Remove expired tokens and create new ones with appropriate expiration dates. Implement a token rotation schedule to ensure tokens are refreshed before they expire. Update all integrations and automation that depend on the replaced tokens.
Remediation
- Sign in to the Vercel dashboard
- Navigate to Account Settings > Tokens
- Identify any expired tokens
- Delete expired tokens that are no longer needed
- Create new tokens with appropriate expiration dates to replace expired ones
- Update any integrations or CI/CD pipelines that used the expired tokens
Source Code
Resource Type
NotDefined
Related To
- authentication_no_stale_tokens