Skip to content
Latchkey

Turborepo remote cache 403 / bad TURBO_TOKEN in CI

A 403 from the remote cache means turbo authenticated but was refused: the token is invalid or lacks access, or TURBO_TEAM does not match the token. The endpoint is reachable; the credential pairing is wrong.

What this error means

turbo remote caching fails with a 403 Forbidden response, or reports the token is unauthorized, so it uses the local cache only.

Turborepo
WARNING  failed to push artifact: 403 Forbidden
  check TURBO_TOKEN and TURBO_TEAM are set and match

Common causes

TURBO_TOKEN is invalid or lacks access

A revoked, mistyped, or under-scoped token authenticates but is refused access to the team cache with 403.

TURBO_TEAM does not match the token

The token belongs to a different team than TURBO_TEAM names, so the pairing is unauthorized.

How to fix it

Align token and team

  1. Confirm TURBO_TOKEN is a current token for the team.
  2. Set TURBO_TEAM to the exact team slug the token belongs to.
  3. Re-run and confirm the 403 clears.
.github/workflows/ci.yml
env:
  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
  TURBO_TEAM: ${{ vars.TURBO_TEAM }}

Rotate the token if it was revoked

A 403 does not clear on retry. Issue a fresh token with cache access and update the secret.

How to prevent it

  • Keep TURBO_TOKEN current and scoped for cache access.
  • Match TURBO_TEAM to the token owner exactly.
  • Rotate tokens in one place and update the secret when you do.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →