Password Protection

Learn how to protect your deployments with a password.
Table of Contents

Password Protection is available on Enterprise plans or with the Advanced Deployment Protection add-on for Pro plans

With Password Protection enabled, visitors to your deployment must enter the pre-defined password to gain access. You can set the desired password from your project settings when enabling the feature, and update it any time

Deployment protected with Password Protection authentication screen.

The table below outlines key considerations and security implications when using Password Protection for your deployments on Vercel.

Environment ConfigurationCan be enabled for different environments. See Understanding Deployment Protection by environment
CompatibilityCompatible with Vercel Authentication and Trusted IPs
Bypass MethodsCan be bypassed using Shareable Links and Protection bypass for Automation
CORS-preflight RequestsCORS OPTIONS requests are not protected, per CORS specifications
Password PersistenceUsers only need to enter the password once per deployment, or when the password changes, due to cookie set by the feature being invalidated on password change
Password ChangesUsers must re-enter a new password if you change the existing one
Disabling ProtectionAll existing deployments become unprotected if you disable the feature
Token ScopeJWT tokens set as cookies are valid only for the URL they were set for and can't be reused for different URLs, even if those URLs point to the same deployment

From your Vercel dashboard:

  1. Select the project that you wish to enable Password Protection for
  2. Go to Settings then Deployment Protection

From the Password Protection section:

  1. Use the toggle to enable the feature
  2. Select the deployment environment you want to protect
  3. Enter a password of your choice
  4. Finally, select Save

All your existing and future deployments will be protected with a password for the project. Next time when you access a deployment, you will be asked to log in by entering the password, which takes you to the deployment. A cookie will then be set in your browser for the deployment URL so you don't need to enter the password every time.

Enabling Password Protection.
Enabling Password Protection.
Last updated on February 28, 2024