OpenID Connect (OIDC) Federation now available in Beta

Authors

Vercel now supports OpenID Connect (OIDC) Federation, enabling you to enhance your security by replacing long-lived environment variable credentials with short-lived, RSA-signed JWTs for external requests in both builds and Vercel Functions.

You can now leverage Vercel's OIDC Identity Provider (IdP) to issue persistent tokens for cloud providers such as AWS, Azure, GCP, and more.

Enable OIDC in your project's security settings and leverage the @vercel/functions package for integration with third-party providers, like this:

import { awsCredentialsProvider } from '@vercel/functions/oidc';
import * as s3 from '@aws/client-s3';
const s3client = new s3.S3Client({
credentials: awsCredentialsProvider({
roleArn: process.env.AWS_ROLE_ARN!,
}),
});

Learn more about OpenID Connect Federation in the documentation.