Skip to content
Latchkey

Vercel CLI deploy token expired / "The specified token is not valid" in CI

The Vercel CLI rejected the token: "The specified token is not valid" means the --token value (or VERCEL_TOKEN) is expired, revoked, or empty. The CLI cannot run vercel login in CI, so a valid token must be supplied.

What this error means

vercel deploy or vercel pull fails with "Error: The specified token is not valid. Use vercel login to generate a new token." It appears after a token rotation or when the secret is unset.

vercel-cli
Error: The specified token is not valid. Use `vercel login` to generate a new token.

Common causes

The VERCEL_TOKEN expired or was revoked

Access tokens can be given an expiration or deleted. The pipeline still passes the old value, which no longer validates.

The token secret is missing or empty

If the secret was never set or not exposed to the step, the CLI receives an empty token and reports it as not valid.

How to fix it

Supply a current token and project ids

  1. Generate a new Vercel access token.
  2. Store it, plus the org and project ids, as secrets.
  3. Pass the token to each CLI call and set the env ids.
.github/workflows/ci.yml
- name: Deploy to Vercel
  run: npx vercel deploy --prod --token=${{ secrets.VERCEL_TOKEN }} --yes
  env:
    VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
    VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}

Verify the token with whoami

Confirm the token authenticates before deploying so an expired token fails clearly.

Terminal
npx vercel whoami --token=${VERCEL_TOKEN}

How to prevent it

  • Rotate the Vercel token in one place and update the secret.
  • Track token expiry so it is refreshed before it lapses.
  • Assert the token with whoami in a preflight step.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →