Vercel Community

[▲ Vercel Community](/) · [Categories](/categories) · [Latest](/latest) · [Top](/top) · [Live](/live)

[Feedback](/c/feedback/8)

# Feature Request: Token-less GitHub Actions deployments via OIDC

146 views · 3 likes · 3 posts


celsius narhwal (@celsiusnarhwal) · 2025-07-11 · ♥ 3

[Deploying a site to Vercel from GitHub Actions](https://vercel.com/guides/how-can-i-use-github-actions-with-vercel) currently requires the use of an account token. Having to create and keep track of these tokens has long been an annoying, but necessary, ordeal.

Today, however, [GitHub allows Actions workflows to exchange short-lived tokens directly with third-party services via OpenID Connect](https://docs.github.com/en/actions/concepts/security/openid-connect) (OIDC). This enables workflows to perform authenticated actions against third-party services without needing to store secrets from those services in GitHub. I kindly ask that you consider supporting this functionality on the Vercel platform and in the Vercel CLI.

PyPI uses this functionality to enable what it calls ["trusted publishing"](https://docs.pypi.org/trusted-publishers/adding-a-publisher/#github-actions). Vercel could work in a similar fashion: users provide the name of the repository and workflow authorized to create deployments, and the Vercel CLI would automatically exchange the workflow job's OIDC token for a short-lived Vercel token as needed.

TL;DR: It would be really awesome if I didn't need a Vercel token every time I wanted to deploy from GitHub Actions and GitHub now has the technology to make that possible. Please consider implementing it. 🙏🏾


Kim Gustyr (@kimgustyr-9130) · 2025-08-13

Please consider implementing this. OIDC proved to be more secure and reliable that having to store credentials and rotate them manually.


François Voron (@francois-5882) · 2025-09-05

+1

This is even more needed since there is no way to have team-wide API tokens. Currently, I use my own API token in the CI of our product. If I ever leave the company, we’ll need to remember to change it to another company member.