Vercel Blob now defaults to OIDC authentication for all new projects, eliminating the need for long-lived BLOB_READ_WRITE_TOKEN secrets. Tokens are issued by Vercel, rotate automatically, and are short-lived by design.
Existing stores can be upgraded: update to the latest @vercel/blob package, go to the Projects tab under your Blob store, and select Upgrade to OIDC from the context menu. Functions on Vercel receive the token automatically. The Vercel CLI also picks it up from environment variables, meaning local development and automated agents can read and write to private stores without a static credential in sight.
The full documentation covers SDK authentication setup and is worth reading for teams managing multiple stores or agent-based workflows where rotating secrets manually has been a persistent operational liability.
[READ ORIGINAL →]