With Password Protection enabled, visitors to your deployment must enter the pre-defined password to gain access. You can set the desired password from your project settings when enabling the feature, and update it any time
The table below outlines key considerations and security implications when using Password Protection for your deployments on Vercel.
Can be enabled for different environments. See Understanding Deployment Protection by environment
Users only need to enter the password once per deployment, or when the password changes, due to cookie set by the feature being invalidated on password change
Users must re-enter a new password if you change the existing one
All existing deployments become unprotected if you disable the feature
JWT tokens set as cookies are valid only for the URL they were set for and can't be reused for different URLs, even if those URLs point to the same deployment
From your Vercel dashboard:
- Select the project that you wish to enable Password Protection for
- Go to Settings then Deployment Protection
From the Password Protection section:
- Use the toggle to enable the feature
- Select the deployment environment you want to protect
- Enter a password of your choice
- Finally, select Save
All your existing and future deployments will be protected with a password for the project. Next time when you access a deployment, you will be asked to log in by entering the password, which takes you to the deployment. A cookie will then be set in your browser for the deployment URL so you don't need to enter the password every time.