Password Protection

Learn how to protect your deployments with a password.
Table of Contents

Password Protection is available on Enterprise plans or with the Advanced Deployment Protection add-on for Pro plans

Those with the owner, member and admin roles can manage Password Protection

With Password Protection enabled, visitors to your deployment must enter the pre-defined password to gain access. You can set the desired password from your project settings when enabling the feature, and update it any time

Deployment protected with Password Protection authentication screen.
Deployment protected with Password Protection authentication screen.

The table below outlines key considerations and security implications when using Password Protection for your deployments on Vercel.

ConsiderationDescription
Environment ConfigurationCan be enabled for different environments. See Understanding Deployment Protection by environment
CompatibilityCompatible with Vercel Authentication and Trusted IPs
Bypass MethodsCan be bypassed using Shareable Links and Protection bypass for Automation
Password PersistenceUsers only need to enter the password once per deployment, or when the password changes, due to cookie set by the feature being invalidated on password change
Password ChangesUsers must re-enter a new password if you change the existing one
Disabling ProtectionAll existing deployments become unprotected if you disable the feature
Token ScopeJWT tokens set as cookies are valid only for the URL they were set for and can't be reused for different URLs, even if those URLs point to the same deployment

You can manage Password Protection through the dashboard, API, or Terraform:

  1. From your Vercel dashboard:

    1. Select the project that you wish to enable Password Protection for
    2. Go to Settings then Deployment Protection
  2. From the Password Protection section:

    1. Use the toggle to enable the feature
    2. Select the deployment environment you want to protect
    3. Enter a password of your choice
    4. Finally, select Save

    All your existing and future deployments will be protected with a password for the project. Next time when you access a deployment, you will be asked to log in by entering the password, which takes you to the deployment. A cookie will then be set in your browser for the deployment URL so you don't need to enter the password every time.

    Enabling Password Protection.
    Enabling Password Protection.

You can manage Password Protection using the Vercel API endpoint to update an existing project with the following body

  • deploymentType
    • prod_deployment_urls_and_all_previews: Standard Protection
    • all: All Deployments
    • preview: Only Preview Deployments
  • password: Password
// enable / update password protection
{
  "passwordProtection": {
    "deploymentType": "prod_deployment_urls_and_all_previews" | "all" | "preview",
    "password": "<password>"
  },
}
 
// disable password protection
{
  "passwordProtection": null
}

You can configure Password Protection using password_protection in the vercel_project data source in the Vercel Terraform Provider.

Last updated on August 7, 2024