Lorem, ipsum dolor sit amet consectetur adipisicing elit. Qui, itaque voluptate ipsa non enim amet ducimus voluptatibus deserunt nam esse!
Hacky JS
Environment Variable Security Post-2026: Why Sensitive Marking Matters

Environment Variable Security Post-2026: Why Sensitive Marking Matters

pr0h0
securityvercelenvironment-variablesincident-response
AI Usage (91%)

The April 2026 Vercel incident is worth reading closely because the failure mode was narrower than the headline suggests. An attacker got into a third-party AI tool, used that access to take over a Vercel employee Google Workspace account, then moved through Vercel systems and enumerated environment variables that were not marked sensitive. That chain is the part worth studying.

What the April 2026 incident actually exposed

The path from a third-party tool compromise to environment variable access

Vercel's bulletin says the incident started with a compromise of Context.ai, a third-party AI tool used by a Vercel employee. From there, the attacker took over the employee's individual Google Workspace account, then the employee's Vercel account, and later pivoted inside Vercel infrastructure.

That sequence is the one engineers should model in their own reviews. The initial compromise did not need a direct exploit against the target platform. It used identity, then internal trust, then product access. By the time the attacker touched environment variables, the account path had already been lost.

Why only non-sensitive variables were in scope

Vercel said the initial impacted set was a limited subset of customers whose non-sensitive environment variables stored on Vercel could be decrypted to plaintext. They later expanded review, found a few more affected accounts, and also found some unrelated compromise signs that did not appear to originate on Vercel systems.

The key detail is that “non-sensitive” was not just a UI label. It controlled whether the value could be read in plaintext after access. That is the boundary you should care about in your own tooling.

Sensitive marking is a control, not a label

What “non-sensitive” meant in practice

If a value was not marked sensitive, it could be enumerated and decrypted in plaintext. That means API keys, database credentials, signing keys, and tokens in that category should be treated as exposed once account access is suspected.

I see teams make a bad assumption here: they assume environment variables are safe because they are not in git. That is storage hygiene, not protection. If the platform or account is already compromised, the variable is still readable.

Why plaintext access changes the blast radius

Plaintext access turns a scoped account incident into a systems incident. One readable secret can reach production data, CI/CD, internal admin panels, or other cloud services. The blast radius is defined by what the secret unlocks, not by where it was stored.

⚠️

Deleting the project or account is not enough if secrets were already exposed. Rotate first, then clean up.

How to audit your own environment variable exposure

Separate secrets from config and public values

Start by classifying every environment variable into one of three buckets:

  • public config: feature flags, deployment labels, non-secret endpoints
  • internal config: values that are not secret but should not leak casually
  • secrets: anything that grants access or can sign, decrypt, or impersonate

A simple test works well: if someone reads the value, can they act as your system, your user, or your admin? If yes, it is a secret.

Check which values can be read, logged, or exported

You want to know three things for every platform and every runtime:

  1. Can the value be read through the dashboard or API?
  2. Can it leak through logs, error pages, or build output?
  3. Can it be exported into CI jobs, preview environments, or local shells?

A quick audit script can help map exposure paths:

const riskyPrefixes = ["DB_", "JWT_", "NEXTAUTH_", "STRIPE_", "AWS_", "GITHUB_"];

for (const [key, value] of Object.entries(process.env)) {
  if (riskyPrefixes.some((p) => key.startsWith(p))) {
    console.log(key, value ? "present" : "missing");
  }
}

That script is not a fix. It is a reminder that your runtime probably knows more secrets than your team has documented.

Rotate before deletion if compromise is plausible

If there is any chance a secret was exposed, rotate it before deleting accounts, projects, or old environments. Deletion does not revoke a bearer token already copied elsewhere.

A JavaScript-first rotation checklist

Inventory keys, tokens, database credentials, and signing keys

Make a flat inventory first. In practice, that usually means:

  • database usernames and passwords
  • JWT signing keys and session secrets
  • OAuth client secrets
  • API keys for payments, email, storage, and AI services
  • deployment protection tokens

If the secret is used by code, the code should point to a replacement before the old one dies.

Replace credentials without breaking production

Use overlap windows where possible. For example, if your app verifies JWTs, accept both the old and new signing key briefly, then cut over after all active sessions age out.

For database credentials, create a new user or secret, deploy the new value, confirm successful connections, then revoke the old credential.

export function readConfig(name) {
  const value = process.env[name];
  if (!value) throw new Error(`Missing config: ${name}`);
  return value;
}

This is the boring code that saves you during incident response. Hidden fallback logic and “temporary” secrets are what make rotations fail at 2 a.m.

Verify the old secret is dead everywhere

After rotation, check more than the primary app:

  • preview deployments
  • background jobs
  • local .env files
  • CI secrets stores
  • developer laptops
  • third-party integrations

If one stale consumer still accepts the old value, you do not have a rotation. You have a partial cleanup.

MFA, passkeys, and deployment protection are part of the same fix

Protect the identity layer first

Vercel recommended MFA, including authenticator apps and passkeys. That is the right order. If an attacker can reuse a stolen session or compromise a cloud identity, secret hygiene alone will not save you.

Review activity logs and recent deployments

Vercel also pointed customers to activity logs and recent deployments. That is where you look for odd reads, unexpected environment changes, unfamiliar deploys, or suspicious deletion patterns.

Raise deployment protection to Standard or above

If your platform offers deployment protection tokens or a protection tier, treat it as part of the incident response surface. Vercel specifically advised setting Deployment Protection to Standard at minimum and rotating those tokens if they exist.

What teams should change after this incident

Default new secrets to sensitive

Make the safe path the default. If a value is a secret, it should be marked sensitive on day one, not after someone notices a risk review gap.

Make secret rotation routine, not emergency-only

The best teams I work with rotate credentials on a schedule, not only after a scare. That practice makes the April-2026-style response much less chaotic because the plumbing is already familiar.

Treat account deletion as irrelevant to leaked credentials

This is the lesson people resist most. Once a secret leaves the boundary, deleting the account that stored it does not make the secret disappear. The credential still works until you revoke it.

Closing note

This incident did not show that environment variables are bad. It showed that plaintext-readable secrets are part of your attack surface as soon as identity is compromised. Sensitive marking, MFA, deployment protection, and fast rotation are not separate best practices. They are the same control chain, and the chain breaks at the weakest link.

Share this post

More posts

Comments