Token for Vercel remote caching artifacts from Github Actions

[ericmatthys]

Remote caching works great for builds through Vercel, but in order to use remote caching for other tasks on a separate CI system, like Github Actions, it's recommended to use a personal token.

If you’re using Remote Caching on Vercel, but building in another CI provider like CircleCI or GitHub Actions, you can use a Vercel Personal Access Token as your —token or TURBO_TOKEN.

This seems problematic for a team environment. As far as I understand them, these personal tokens can be used to access your personal account. Exposing them in CI configuration would make them visible to others. Also, if the personal account used to create the token leaves the team, it seems like there would be a loose end that might break the setup when that account is removed from the Vercel team.

Do these concerns hold up or am I misunderstanding them? Are there any recommendations on how to do this in a team environment?

[ericmatthys]

https://vercel.com/changelog/access-tokens-can-now-be-scoped-to-teams