Secure Credential Handling for Sandboxed Code
Vercel Sandbox now includes a credential injection feature that automatically adds HTTP headers to outbound requests from sandboxed code. This keeps API keys and authentication tokens outside the sandbox virtual machine, preventing malicious or compromised code from exfiltrating credentials.
How It Works
Header injection is configured via the transform property in the sandbox's network policy. When the sandbox makes an HTTPS request to a matching domain, Vercel's firewall automatically injects or replaces the specified headers before forwarding the request. This is particularly valuable for AI agent workflows where prompt injection attacks could otherwise compromise credentials.
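import { Sandbox } from "@vercel/sandbox";

// The API key is read from the host process environment and referenced only in
// the network policy; it is not placed inside the sandbox VM.
const sandbox = await Sandbox.create({
  networkPolicy: {
    allow: {
      // Requests to this domain get the header injected by the firewall.
      "ai-gateway.vercel.sh": [{
        transform: [{
          headers: {
            authorization: `Bearer ${process.env.AI_GATEWAY_API_KEY}`
          }
        }],
      }],
    },
  },
});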
Key Capabilities
- Domain Matching: Supports exact domains and wildcards (e.g., *.github.com) to control which requests receive injected headers
- Header Overwriting: Injected headers fully replace any headers set by sandbox code, preventing the sandbox from substituting its own credentials
- Dynamic Updates: Network policies—including injection rules—can be updated on running sandboxes without restart, enabling multi-phase workflows
- Universal Compatibility: Works with all egress network policy configurations, including open internet access alongside restricted domain allow-lists
Multi-Phase Workflows
The live update capability enables secure multi-phase workflows. You can inject credentials during setup phases (e.g., cloning repositories), then lock down the network policy to deny-all before executing untrusted code, eliminating any risk of credential access.
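A small JavaScript model of the domain matching and header overwriting listed under Key Capabilities, and of the lock-down step described above, useful for checking which hosts a policy would send a credential to. It is an added example, not Vercel's code or API: the function names, the placeholder token, the subdomain-only wildcard rule and the empty allow map standing in for deny-all are assumptions.

```javascript
// Model of the egress behaviour described on this page; not Vercel's code.
// Assumption: "*.example.com" matches subdomains only, never the apex.
function hostMatches(pattern, host) {
  const p = pattern.toLowerCase();
  const h = host.toLowerCase();
  if (!p.startsWith("*.")) return p === h;
  const suffix = p.slice(1); // "*.github.com" -> ".github.com"
  return h.length > suffix.length && h.endsWith(suffix);
}

// What the firewall forwards for one outbound request in allow-list mode.
// Assumption: an empty `allow` map stands in for a deny-all policy.
function applyEgressPolicy(policy, request) {
  const host = new URL(request.url).hostname;
  const rules = Object.entries(policy.allow)
    .filter(([pattern]) => hostMatches(pattern, host))
    .flatMap(([, entries]) => entries);
  if (rules.length === 0) return { action: "deny", headers: null };

  // Header names are case-insensitive: normalise before merging so a
  // sandbox-set "Authorization" cannot survive beside "authorization".
  const headers = {};
  for (const [name, value] of Object.entries(request.headers || {})) {
    headers[name.toLowerCase()] = value;
  }
  for (const rule of rules) {
    for (const t of rule.transform || []) {
      for (const [name, value] of Object.entries(t.headers || {})) {
        headers[name.toLowerCase()] = value; // injected value always wins
      }
    }
  }
  return { action: "forward", headers };
}

// Constructed sample data; the token is a placeholder, not a real secret.
const setupPolicy = {
  allow: {
    "*.github.com": [{ transform: [{ headers: { authorization: "Bearer HOST_SIDE_TOKEN" } }] }],
  },
};
const lockedPolicy = { allow: {} }; // phase 2: before untrusted code runs

// Sandbox code sets its own credential on a host that matches the rule.
const spoofed = {
  url: "https://api.github.com/user",
  headers: { Authorization: "Bearer sandbox-supplied", accept: "application/json" },
};
console.log(applyEgressPolicy(setupPolicy, spoofed), applyEgressPolicy(lockedPolicy, spoofed));
```

Under the setup policy the forwarded request carries only the host-side token; under the locked policy the same request is denied.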
Availability
This feature is available to all Pro and Enterprise customers. For more details, see the Vercel Sandbox documentation.