Replies: 1 comment
Hi olehmisar,

Your proposal for a "cache-only" Vercel token makes a lot of sense. Limiting the token’s permissions strictly to remote cache access would greatly reduce security risks if the TURBO_TOKEN is ever leaked. This approach aligns well with the principle of least privilege and would help protect the broader Vercel team and project settings from accidental exposure. It would be great if Vercel could introduce such scoped tokens specifically for caching purposes. If you haven’t already, consider filing this as a feature request on Vercel’s feedback channels to bring more visibility to the idea. Thanks for raising this important security concern!
Goals
TURBO_TOKEN is leaked
Non-goals
No response
Background
I don't want to risk my whole team's security just to get the remote cache working.
Proposal
Ask Vercel to introduce a "cache only" token that can be used as TURBO_TOKEN. It should have access to the remote cache and NOTHING ELSE.