Safely inject credentials in HTTP headers with Vercel Sandbox
Source: Vercel Blog
Vercel Sandbox can now automatically inject HTTP headers into outbound requests from sandboxed code. This keeps API keys and tokens outside the sandbox VM boundary, so apps running inside the sandbox can call authenticated services without ever having access to the credentials.
Header Injection Overview
Header injection is configured as part of the network policy. When the sandbox makes an HTTPS request to a matching domain, the firewall adds or replaces the specified headers before forwarding the request.
Security Benefits
- AI agent workflows – Designed for scenarios where prompt injection is a real threat. Even if an agent is compromised, there’s nothing to exfiltrate because the credentials exist only in a layer outside the VM.
Configuration
- Domain matching – Supports exact domains and wildcards (e.g., *.github.com). Injection triggers only when the outbound request matches the configured domain pattern.
- Injection rules – Work with all egress network policy configurations, including open‑internet access.
- Policy combination – Injection rules can be combined with allow‑all, deny‑all, or domain‑specific allow lists.
Runtime Updates
Injection rules can be updated on a running sandbox without restarting it. This enables multi‑phase workflows, such as:
- Inject credentials during a setup phase.
- Remove the injection rules before running untrusted code.
Availability
Available to all Pro and Enterprise customers. See the Vercel Sandbox documentation for more details.
Key Highlights
- Header overwrite – Injection applies to HTTP headers on outbound requests.
- Full replacement – Injected headers overwrite any existing headers with the same name set by sandbox code, preventing the sandbox from substituting its own credentials.
- Domain matching – Supports exact domains and wildcards (e.g., *.github.com).
- Works with all policies – Combine injection rules with allow‑all, deny‑all, or domain‑specific allow lists.
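The following is an added example, not code from Vercel or its SDK: a small model of the egress firewall described in the Configuration, Runtime Updates and Key Highlights sections. The policy object shape, the function names (domainMatches, egressAllowed, forwardRequest, withoutInjection), the rule that a *.example.com wildcard matches subdomains but not the bare apex, and the choice to inject only on https: URLs are all assumptions made for illustration; the token value is a constructed placeholder. It shows the three behaviours the post describes: a sandbox-set Authorization header on a matching domain is fully replaced, non-matching domains receive nothing, and removing the injection rules at runtime leaves later requests without credentials.

```javascript
// Illustrative model of header injection at an egress firewall that sits
// outside the sandbox VM. Not Vercel's implementation; shapes and names are
// assumptions for this example.

// Exact match, or "*.example.com" matching any subdomain. Assumption: the
// bare apex "example.com" is NOT matched by "*.example.com".
function domainMatches(pattern, host) {
  host = host.toLowerCase();
  pattern = pattern.toLowerCase();
  if (pattern.startsWith('*.')) {
    const suffix = pattern.slice(1); // ".example.com"
    return host.endsWith(suffix) && host.length > suffix.length;
  }
  return host === pattern;
}

// Egress policy modes modelled here: allow-all, deny-all, allow-list.
function egressAllowed(policy, host) {
  switch (policy.mode) {
    case 'allow-all': return true;
    case 'deny-all': return false;
    case 'allow-list': return (policy.allow ?? []).some(p => domainMatches(p, host));
    default: throw new Error(`unknown egress mode: ${policy.mode}`);
  }
}

// Decide whether a sandbox request may leave, and which headers it carries.
// Header names are normalised to lower case because HTTP header names are
// case-insensitive; otherwise "authorization" set by the sandbox would slip
// past a rule that injects "Authorization".
function forwardRequest(policy, request) {
  const url = new URL(request.url);
  const host = url.hostname;
  if (!egressAllowed(policy, host)) {
    return { allowed: false, host, headers: null };
  }
  const headers = {};
  for (const [name, value] of Object.entries(request.headers ?? {})) {
    headers[name.toLowerCase()] = value;
  }
  // Assumption: secrets are only injected into HTTPS requests, so a
  // plaintext request can never carry the credential across the wire.
  if (url.protocol === 'https:') {
    for (const rule of policy.injection ?? []) {
      if (!domainMatches(rule.domain, host)) continue;
      for (const [name, value] of Object.entries(rule.headers)) {
        // Full replacement: whatever the sandbox set under this name is discarded.
        headers[name.toLowerCase()] = value;
      }
    }
  }
  return { allowed: true, host, headers };
}

// Runtime update modelled as producing a new policy with no injection rules,
// e.g. before the untrusted phase of a multi-phase workflow.
function withoutInjection(policy) {
  return { ...policy, injection: [] };
}

// Constructed sample policy: setup phase with a placeholder GitHub token.
const setupPolicy = {
  mode: 'allow-list',
  allow: ['*.github.com', 'api.example-llm.test'],
  injection: [
    { domain: '*.github.com', headers: { Authorization: 'Bearer TOKEN_PLACEHOLDER' } },
  ],
};

// Stand-alone demo: a sandbox process tries to supply its own credential.
const demo = forwardRequest(setupPolicy, {
  url: 'https://api.github.com/user',
  headers: { authorization: 'Bearer forged-by-sandbox', Accept: 'application/json' },
});
console.log('setup phase  :', demo.headers);
console.log('untrusted run:', forwardRequest(withoutInjection(setupPolicy), {
  url: 'https://api.github.com/user', headers: {},
}).headers);
```

The demo prints the injected Authorization value in the setup phase and an empty header set once the injection rules are removed, which is the property the post relies on: the only copy of the credential lives in the firewall, so code inside the VM can neither read it nor override it with its own.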