Vercel CLI deploy token expired / "The specified token is not valid" in CI
The Vercel CLI rejected the token: "The specified token is not valid" means the --token value (or VERCEL_TOKEN) is expired, revoked, or empty. The CLI cannot run vercel login in CI, so a valid token must be supplied.
What this error means
vercel deploy or vercel pull fails with "Error: The specified token is not valid. Use vercel login to generate a new token." It appears after a token rotation or when the secret is unset.
Error: The specified token is not valid. Use `vercel login` to generate a new token.Common causes
The VERCEL_TOKEN expired or was revoked
Access tokens can be given an expiration or deleted. The pipeline still passes the old value, which no longer validates.
The token secret is missing or empty
If the secret was never set or not exposed to the step, the CLI receives an empty token and reports it as not valid.
How to fix it
Supply a current token and project ids
- Generate a new Vercel access token.
- Store it, plus the org and project ids, as secrets.
- Pass the token to each CLI call and set the env ids.
- name: Deploy to Vercel
run: npx vercel deploy --prod --token=${{ secrets.VERCEL_TOKEN }} --yes
env:
VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}Verify the token with whoami
Confirm the token authenticates before deploying so an expired token fails clearly.
npx vercel whoami --token=${VERCEL_TOKEN}How to prevent it
- Rotate the Vercel token in one place and update the secret.
- Track token expiry so it is refreshed before it lapses.
- Assert the token with whoami in a preflight step.