Safely inject credentials in HTTP headers with Vercel Sandbox

Vercel Sandbox supports HTTP header injection for outbound requests, keeping API credentials outside the sandbox VM.

• •Injection is configured via networkPolicy with a transform field, replacing headers before HTTPS requests reach matching domains.
• •Credentials stay outside the VM, so even a compromised agent has nothing to exfiltrate.
• •Rules support exact and wildcard domains (*.github.com) with any egress policy configuration.
• •Injection rules can be updated on a live sandbox without restart, enabling phased workflows like injecting then revoking credentials.