Hey folks, Bowen from Doppler here.
Following the recent security incident at Vercel, they published guidance to rotate credentials and store all secrets as sensitive environment variables.
For the vast majority of our users, no action is required. Our Vercel integration automatically defaults to Sensitive for environment variables.
However, if you originally set up your sync prior to when Vercel released Sensitive Environment variable support, it may have been created as an Encrypted secret and therefore must be recreated to switch to Sensitive.
Follow the steps below to delete and recreate your Vercel sync in Doppler.
Steps:
-
Navigate to the Integrations page in your Doppler workplace.
-
Under the Connections section, find your Vercel connection(s) and click on the project or ellipsis menu to view details.
-
For each sync, delete and recreate it one at a time:
- Click the ellipsis menu and select Delete. Important: When prompted, choose “Delete all secrets in Vercel” as well. This prevents existing Encrypted variables from remaining in Vercel.
- Note: If your Vercel project is configured to auto-deploy on environment variable changes, deleting secrets may trigger a redeployment.
- Once deleted, recreate your sync and select “Sensitive” as the environment variable type.
- Click the ellipsis menu and select Delete. Important: When prompted, choose “Delete all secrets in Vercel” as well. This prevents existing Encrypted variables from remaining in Vercel.
-
After recreating each sync, verify in Vercel under Environment Variables that the Sensitive badge is displayed next to your synced variables.
Please reach out to us here or through Support if you have any additional questions. Thanks!
