Secure Credential Handling in Sandboxed Environments
Vercel Sandbox now offers header injection via the network policy transform option, enabling automatic injection of HTTP headers into outbound requests from sandboxed code. This addresses a critical security need for AI agent workflows where prompt injection and code compromise are real threats—credentials are kept outside the sandbox VM entirely, so even if the sandbox code is compromised, there's nothing for an attacker to exfiltrate.
How It Works
Configure header injection as part of the networkPolicy when creating a sandbox:
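```js
import { Sandbox } from "@vercel/sandbox";

// The key is read on the host side; it is never placed inside the sandbox VM.
const sandbox = await Sandbox.create({
  networkPolicy: {
    allow: {
      "ai-gateway.vercel.sh": [{
        transform: [{
          headers: {
            authorization: `Bearer ${process.env.AI_GATEWAY_API_KEY}`
          }
        }]
      }]
    }
  }
});
```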
When the sandbox makes an HTTPS request to a matching domain, the firewall automatically adds or replaces the specified headers before forwarding the request. The sandboxed code itself never knows the credentials exist.
Key Features
- Domain matching: Use exact domains or wildcards (e.g., *.github.com) to target specific services
- Header overwriting: Injected headers replace any headers the sandbox code attempts to set, preventing credential substitution attacks
- Works with all policies: Combine injection rules with allow-all or domain-specific allow lists
- Live updates: Update injection rules on running sandboxes without restart, enabling multi-phase workflows (inject credentials during setup, remove them before running untrusted code)
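The domain matching and header overwriting described above, modelled as an added example (not Vercel's firewall code and not part of the original page), useful for checking what a policy would do to a request before deploying it. `matchDomain` and `applyPolicy` are hypothetical names; the model assumes a wildcard such as *.github.com matches subdomains only and that hosts absent from the allow list are blocked.

```javascript
// Illustrative model, NOT Vercel's firewall code. Policy shape is the one on this page.
// Assumptions: "*.x.com" matches subdomains only; hosts not in `allow` are blocked.
function matchDomain(pattern, host) {
  const p = pattern.toLowerCase();
  const h = host.toLowerCase();
  // Keep the leading dot so "evilgithub.com" cannot match "*.github.com".
  if (p.startsWith("*.")) return h.length > p.length - 1 && h.endsWith(p.slice(1));
  return p === h;
}

function applyPolicy(policy, host, sandboxHeaders) {
  const matched = Object.entries(policy.allow).filter(([p]) => matchDomain(p, host));
  if (matched.length === 0) return { allowed: false, headers: null };
  // Header names are case-insensitive: normalise first, or the sandbox's
  // "Authorization" would survive next to the injected "authorization".
  const out = new Map();
  for (const [k, v] of Object.entries(sandboxHeaders)) out.set(k.toLowerCase(), v);
  for (const [, rules] of matched)
    for (const rule of rules)
      for (const t of rule.transform ?? [])
        for (const [k, v] of Object.entries(t.headers ?? {})) out.set(k.toLowerCase(), v);
  return { allowed: true, headers: Object.fromEntries(out) };
}

// Constructed policy and requests (placeholder credentials, not real values).
const policy = {
  allow: {
    "ai-gateway.vercel.sh": [{ transform: [{ headers: { authorization: "Bearer HOST_SIDE_KEY" } }] }],
    "*.github.com": [{ transform: [{ headers: { authorization: "Bearer HOST_SIDE_GH_TOKEN" } }] }],
  },
};

// Compromised sandbox code tries to substitute its own credential.
const substituted = applyPolicy(policy, "ai-gateway.vercel.sh", {
  Authorization: "Bearer attacker-key",
  "Content-Type": "application/json",
});
// A lookalike host must not receive the GitHub token.
const lookalike = applyPolicy(policy, "evilgithub.com", { accept: "*/*" });
console.log(substituted, lookalike);
```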
Availability
This feature is available to all Pro and Enterprise customers. See the Vercel Sandbox documentation for implementation details.