vercel-security-basics

Solid

Apply Vercel security best practices for secrets, headers, and access control. Use when securing API keys, configuring security headers, or auditing Vercel security configuration. Trigger with phrases like "vercel security", "vercel secrets", "secure vercel", "vercel headers", "vercel CSP".

AI & Automation 2,266 stars 315 forks Updated today MIT

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Vercel Security Basics ## Overview Secure Vercel deployments with proper secret management, security headers, deployment protection, and access token hygiene. Covers environment variable scoping, Content Security Policy, and preventing common secret exposure patterns. ## Prerequisites - Vercel CLI installed and authenticated - Access to Vercel dashboard - Understanding of HTTP security headers ## Instructions ### Step 1: Secret Management with Environment Variables ```bash # Add secrets scoped to specific environments vercel env add DATABASE_URL production vercel env add DATABASE_URL preview vercel env add DATABASE_URL development # Use 'sensitive' type — values hidden in dashboard and logs vercel env add API_SECRET production --sensitive # Via REST API curl -X POST "https://api.vercel.com/v9/projects/my-app/env" \ -H "Authorization: Bearer $VERCEL_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "key": "API_SECRET", "value": "sk-secret-value", "type": "sensitive", "target": ["production"] }' ``` **Critical rule:** Never prefix secrets with `NEXT_PUBLIC_`. Variables starting with `NEXT_PUBLIC_` are inlined into the client JavaScript bundle and visible to anyone. ### Step 2: Security Headers via vercel.json ```json { "headers": [ { "source": "/(.*)", "headers": [ { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "X-Frame-Options", "value": "DENY" }, { "key": "X-XSS-Protection", "val...

Details

Author
jeremylongshore
Repository
jeremylongshore/claude-code-plugins-plus-skills
Created
7 months ago
Last Updated
today
Language
Python
License
MIT

Integrates with

Anthropic · AI Vercel · Cloud REST API · API

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

vercel-policy-guardrails

Implement lint rules, CI policy checks, and automated guardrails for Vercel projects. Use when setting up code quality rules, preventing secret exposure, or enforcing deployment policies for Vercel applications. Trigger with phrases like "vercel policy", "vercel lint", "vercel guardrails", "vercel best practices check", "vercel secret scan".

2,266 Updated today
jeremylongshore
AI & Automation Solid

vercel-known-pitfalls

Identify and avoid Vercel anti-patterns and common integration mistakes. Use when reviewing Vercel code for issues, onboarding new developers, or auditing existing Vercel deployments for best practice violations. Trigger with phrases like "vercel mistakes", "vercel anti-patterns", "vercel pitfalls", "vercel what not to do", "vercel code review".

2,266 Updated today
jeremylongshore
API & Backend Listed

vercel-platform-security

Security audit for applications deployed on Vercel covering environment variable scoping (Production/Preview/Development), Deployment Protection, Edge Config secrets, Vercel Cron auth, Image Optimization SSRF, custom headers via vercel.json, branch/deployment URL exposure, and Vercel-specific platform concerns. Use this skill whenever the user mentions Vercel, vercel.json, vercel deploy, Edge Config, Vercel Cron, Deployment Protection, preview deployments, or asks "audit my Vercel deployment", "Vercel security review". Trigger when the codebase contains `vercel.json`, `.vercel/`, or Vercel is the deployment target.

1 Updated 6 days ago
hlsitechio
AI & Automation Listed

env-vars

Vercel environment variable expert guidance. Use when working with .env files, vercel env commands, OIDC tokens, or managing environment-specific configuration.

1 Updated 3 days ago
build-with-dhiraj
DevOps & Infrastructure Listed

vercel

Deploys applications to Vercel including serverless functions, edge functions, environment variables, and CI/CD. Use when deploying Next.js applications, frontend projects, or serverless APIs.

4 Updated 4 months ago
mgd34msu