Vercel Cli With Tokens
Deploy and sync Vercel projects from CI or headless agents using VERCEL_TOKEN instead of interactive vercel login.
Overview
Vercel CLI with Tokens is an agent skill for the Ship phase that deploys and configures Vercel projects using access-token authentication instead of interactive login.
Install
npx skills add https://github.com/vercel-labs/agent-skills --skill vercel-cli-with-tokensWhat is this skill?
- Ordered token discovery: printenv VERCEL_TOKEN, .env grep, alternate variable names (vca_ prefix), then ask the user
- Export pattern so agents run vercel CLI without vercel login
- Covers deploy to Vercel, project setup, and adding environment variables via CLI
- Designed for automated and agent-driven pipelines
- Step 1 gate before any Vercel command to avoid silent auth failures
- Four-step token resolution path (env, .env VERCEL_TOKEN, alternate .env names, user prompt)
- Vercel tokens typically use the vca_ prefix for identification in .env scans
Adoption & trust: 47.2k installs on skills.sh; 27.7k GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
Your agent or CI job cannot complete vercel login interactively, so deploys stall even when you already have a token somewhere in env or .env.
Who is it for?
Solo builders automating Vercel deploys from agents, GitHub Actions, or local scripts that already use or can create a Vercel access token.
Skip if: Hosting on non-Vercel platforms, or teams that only deploy via the Vercel dashboard with no CLI automation.
When should I use this skill?
Working with Vercel CLI using access tokens rather than interactive login—e.g. deploy to vercel, set up vercel, add environment variables to vercel.
What do I get? / Deliverables
VERCEL_TOKEN is located and exported, then Vercel CLI deploy and env-var commands run headlessly for preview or production.
- Exported VERCEL_TOKEN for the session
- Successful vercel deploy or env sync commands
- Documented which env file variable maps to VERCEL_TOKEN
Recommended Skills
Journey fit
Token-based Vercel CLI is a Ship activity: getting builds onto hosting with repeatable, non-interactive auth at launch time. Launch subphase covers deploy commands, env propagation, and first production push—the exact flows this skill documents.
How it compares
Use this skill for token-auth CLI deploy steps; use Vercel’s dashboard or Git integration when you do not need agent-driven CLI commands.
Common Questions / FAQ
Who is vercel-cli-with-tokens for?
Indie developers and small teams using Vercel CLI from coding agents or CI where browser-based login is not possible.
When should I use vercel-cli-with-tokens?
During Ship launch when you say deploy to Vercel, set up Vercel, or add environment variables to Vercel without an interactive session.
Is vercel-cli-with-tokens safe to install?
Tokens are secrets—review the Security Audits panel on this page, keep VERCEL_TOKEN out of logs, and rotate tokens if they were exposed in chat.
SKILL.md
READMESKILL.md - Vercel Cli With Tokens
# Vercel CLI with Tokens Deploy and manage projects on Vercel using the CLI with token-based authentication, without relying on `vercel login`. ## Step 1: Locate the Vercel Token Before running any Vercel CLI commands, identify where the token is coming from. Work through these scenarios in order: ### A) `VERCEL_TOKEN` is already set in the environment ```bash printenv VERCEL_TOKEN ``` If this returns a value, you're ready. Skip to Step 2. ### B) Token is in a `.env` file under `VERCEL_TOKEN` ```bash grep '^VERCEL_TOKEN=' .env 2>/dev/null ``` If found, export it: ```bash export VERCEL_TOKEN=$(grep '^VERCEL_TOKEN=' .env | cut -d= -f2-) ``` ### C) Token is in a `.env` file under a different name Look for any variable that looks like a Vercel token (Vercel tokens typically start with `vca_`): ```bash grep -i 'vercel' .env 2>/dev/null ``` Inspect the output to identify which variable holds the token, then export it as `VERCEL_TOKEN`: ```bash export VERCEL_TOKEN=$(grep '^<VARIABLE_NAME>=' .env | cut -d= -f2-) ``` ### D) No token found — ask the user If none of the above yield a token, ask the user to provide one. They can create a Vercel access token at vercel.com/account/tokens. --- **Important:** Once `VERCEL_TOKEN` is exported as an environment variable, the Vercel CLI reads it natively — **do not pass it as a `--token` flag**. Putting secrets in command-line arguments exposes them in shell history and process listings. ```bash # Bad — token visible in shell history and process listings vercel deploy --token "vca_abc123" # Good — CLI reads VERCEL_TOKEN from the environment export VERCEL_TOKEN="vca_abc123" vercel deploy ``` ## Step 2: Locate the Project and Team Similarly, check for the project ID and team scope. These let the CLI target the right project without needing `vercel link`. ```bash # Check environment printenv VERCEL_PROJECT_ID printenv VERCEL_ORG_ID # Or check .env grep -i 'vercel' .env 2>/dev/null ``` **If you have a project URL** (e.g. `https://vercel.com/my-team/my-project`), extract the team slug: ```bash # e.g. "my-team" from "https://vercel.com/my-team/my-project" echo "$PROJECT_URL" | sed 's|https://vercel.com/||' | cut -d/ -f1 ``` **If you have both `VERCEL_ORG_ID` and `VERCEL_PROJECT_ID` in your environment**, export them — the CLI will use these automatically and skip any `.vercel/` directory: ```bash export VERCEL_ORG_ID="<org-id>" export VERCEL_PROJECT_ID="<project-id>" ``` Note: `VERCEL_ORG_ID` and `VERCEL_PROJECT_ID` must be set together — setting only one causes an error. ## CLI Setup Ensure the Vercel CLI is installed and up to date: ```bash npm install -g vercel vercel --version ``` ## Deploying a Project Always deploy as **preview** unless the user explicitly requests production. Choose a method based on what you have available. ### Quick Deploy (have project ID — no linking needed) When `VERCEL_TOKEN` and `VERCEL_PROJECT_ID` are set in the environment, deploy directly: ```bash vercel deploy -y --no-wait ``` With a team scope (either via `VERCEL_ORG_ID` or `--scope`): ```bash vercel deploy --scope <team-slug> -y --no-wait ``` Production (only when explicitly requested): ```bash vercel deploy --prod --scope <team-slug> -y --no-wait ``` Check status: ```bash vercel inspect <deployment-url> ``` ### Full Deploy Flow (no project ID — need to link) Use this when you have a token and team but no pre-existing project ID. #### Check project state first ```bash # Does the project have a git remote? git remote get-url origin 2>/dev/null # Is it already linked to a Vercel project? cat .vercel/project.json 2>/dev/null || cat .vercel/rep