Password Protection
Learn how to protect your deployments with a password.With Password Protection enabled, visitors to your deployment must enter the pre-defined password to gain access. You can set the desired password from your project settings when enabling the feature, and update it any time
Deployment protected with Password Protection authentication screen.
The table below outlines key considerations and security implications when using Password Protection for your deployments on Vercel.
| Consideration | Description |
|---|---|
| Environment Configuration | Can be enabled for different environments. See Understanding Deployment Protection by environment |
| Compatibility | Compatible with Vercel Authentication and Trusted IPs |
| Bypass Methods | Can be bypassed using Shareable Links and Protection bypass for Automation |
| CORS-preflight Requests | CORS OPTIONS requests are not protected, per CORS specifications |
| Password Persistence | Users only need to enter the password once per deployment, or when the password changes, due to cookie set by the feature being invalidated on password change |
| Password Changes | Users must re-enter a new password if you change the existing one |
| Disabling Protection | All existing deployments become unprotected if you disable the feature |
| Token Scope | JWT tokens set as cookies are valid only for the URL they were set for and can't be reused for different URLs, even if those URLs point to the same deployment |
You can manage Password Protection through the dashboard, API, or Terraform:
From your Vercel dashboard:
- Select the project that you wish to enable Password Protection for
- Go to Settings then Deployment Protection
From the Password Protection section:
- Use the toggle to enable the feature
- Select the deployment environment you want to protect
- Enter a password of your choice
- Finally, select Save
All your existing and future deployments will be protected with a password for the project. Next time when you access a deployment, you will be asked to log in by entering the password, which takes you to the deployment. A cookie will then be set in your browser for the deployment URL so you don't need to enter the password every time.
You can manage Password Protection using the Vercel API endpoint to update an existing project with the following body
deploymentTypeprod_deployment_urls_and_all_previews: Standard Protectionall: All Deploymentspreview: Only Preview Deployments
password: Password
// enable / update password protection
{
"passwordProtection": {
"deploymentType": "prod_deployment_urls_and_all_previews" | "all" | "preview",
"password": "<password>"
},
}
// disable password protection
{
"passwordProtection": null
}You can configure Password Protection using password_protection in the vercel_project data source in the Vercel Terraform Provider.
Was this helpful?