
This skill helps secure Vercel API keys and enforce least privilege with environment controls, auditing, and configuration best practices.

npx playbooks add skill jeremylongshore/claude-code-plugins-plus-skills --skill vercel-security-basics

SKILL.md
---
name: vercel-security-basics
description: |
  Apply Vercel security best practices for secrets and access control.
  Use when securing API keys, implementing least privilege access,
  or auditing Vercel security configuration.
  Trigger with phrases like "vercel security", "vercel secrets",
  "secure vercel", "vercel API key security".
allowed-tools: Read, Write, Grep
version: 1.0.0
license: MIT
author: Jeremy Longshore <[email protected]>
---

# Vercel Security Basics

## Prerequisites
- Vercel SDK installed
- Understanding of environment variables
- Access to Vercel dashboard


See `{baseDir}/references/implementation.md` for detailed implementation guide.

## Output
- Secure API key storage
- Environment-specific access controls
- Audit logging enabled

## Error Handling

See `{baseDir}/references/errors.md` for comprehensive error handling.

## Examples

See `{baseDir}/references/examples.md` for detailed examples.

## Resources
- [Vercel Security Guide](https://vercel.com/docs/security)
- [Vercel API Scopes](https://vercel.com/docs/scopes)

Overview

This skill applies Vercel security best practices focused on secrets and access control. It helps secure API keys, enforce least-privilege roles, and configure environment-specific secrets and audit settings. Use it to quickly harden Vercel projects and reduce secrets-related risk.

How this skill works

The skill inspects Vercel project and team settings, environment variable configurations, and API key scopes. It identifies overly broad keys or tokens, missing environment segmentation (development/staging/production), and recommends least-privilege role assignments. It also advises enabling audit logging and provides actionable remediation steps.

When to use it

  • When onboarding a new Vercel project and you need secure default configurations
  • Before deploying to production to verify environment-specific secrets and access
  • During periodic security audits to detect exposed or overly-permissioned API keys
  • When rotating credentials or setting up CI/CD pipelines that require secrets
  • When managing team access and implementing least-privilege policies

Best practices

  • Store all secrets in Vercel Environment Variables, scoped by environment (development/staging/production)
  • Avoid embedding API keys in source code or build artifacts; use server-only variables for runtime secrets
  • Grant minimal scopes to API tokens and prefer short-lived tokens where supported
  • Use team and project roles to enforce least privilege; review role assignments regularly
  • Enable and review audit logs to track secret access and administrative changes
  • Rotate keys regularly and have an incident response plan for compromised secrets

Example use cases

  • Scan a project to identify environment variables that are public or incorrectly scoped
  • Audit team members and propose role adjustments to remove unnecessary admin rights
  • Recommend replacement of a global API token with per-project, limited-scope tokens
  • Validate that CI/CD pipeline secrets are injected at build time or runtime and not checked into the repository
  • Enable audit logging and provide a checklist for periodic log reviews and retention
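
One way to implement the scan for public or incorrectly scoped variables, as an added example rather than code from this skill or from Vercel. The record fields (`key`, `type`, `target`), the secret-name pattern, the `NEXT_PUBLIC_` prefix list and the sample inventory are assumptions made for illustration.

```javascript
// Added example: audit an environment-variable inventory for secrets that
// are client-exposed, stored as plain text, or shared with production.
// Assumption: each record has key, type and target (list of environments).
const SECRET_NAME = /(SECRET|TOKEN|PASSWORD|PRIVATE|CREDENTIAL|API_?KEY)/i;

// Prefixes a framework inlines into the browser bundle (Next.js shown;
// extend the list for the framework you deploy).
const CLIENT_PREFIXES = ["NEXT_PUBLIC_"];

function auditEnvVars(vars) {
  const findings = [];
  for (const v of vars) {
    if (!SECRET_NAME.test(v.key)) continue; // only secret-looking names
    const targets = v.target || [];
    // A secret behind a client prefix ships to every visitor's browser.
    if (CLIENT_PREFIXES.some((p) => v.key.startsWith(p))) {
      findings.push({ key: v.key, issue: "client-exposed" });
    }
    // A plain-text value is readable by anyone who can view project settings.
    if (v.type === "plain") {
      findings.push({ key: v.key, issue: "stored-plaintext" });
    }
    // One value serving production and other environments is not segmented.
    if (targets.includes("production") && targets.length > 1) {
      findings.push({ key: v.key, issue: "shared-with-production" });
    }
  }
  return findings;
}

// Constructed sample inventory (not real project data).
const SAMPLE_VARS = [
  { key: "NEXT_PUBLIC_SITE_URL", type: "plain", target: ["production", "preview", "development"] },
  { key: "NEXT_PUBLIC_STRIPE_SECRET_KEY", type: "encrypted", target: ["production"] },
  { key: "DATABASE_PASSWORD", type: "plain", target: ["production", "preview"] },
  { key: "PROD_API_TOKEN", type: "encrypted", target: ["production"] },
];

for (const f of auditEnvVars(SAMPLE_VARS)) {
  console.log(`${f.key}: ${f.issue}`);
}
```

Name-based matching only flags candidates for review; a secret stored under a neutral name will not be caught, so pair this with a review of the values themselves.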

FAQ

Can this skill rotate keys automatically?

It provides rotation recommendations and workflow steps but does not rotate keys without explicit automation configured in your environment.

Does it require dashboard access?

Yes. To inspect and remediate settings it needs appropriate Vercel team or project access and API credentials with read scopes.