Vercel Introduces Secure Signed URLs
TL;DR: Vercel has introduced signed URLs for its Blob storage service. This feature allows developers to generate temporary, secure links for specific files. Each URL is scoped to a single action like uploading or downloading and has a configurable expiry of up to seven days, enhancing security.
Key facts
- Category
- Infrastructure
- Impact
- High
- Published
- Source
- Vercel Blog
Full summary
Vercel Blob now supports signed URLs, allowing developers to create temporary, secure links for specific file operations without exposing the entire store.
Vercel has launched signed URLs for its Blob storage service, enabling the creation of time-limited, permission-specific URLs for interacting with individual files. Developers can now generate a unique URL for a single operation, such as uploading, downloading, inspecting, or deleting a specific object. Each signed URL is tied to a particular file path and has a customizable expiration date, which can be set for up to seven days. The signature embedded in the URL enforces these constraints, ensuring the link can only be used for its intended purpose within its designated timeframe, providing granular control over file access.
This feature is a significant enhancement for developers using the Vercel ecosystem, particularly for applications that handle user-generated content or sensitive files. Previously, managing access to files in Vercel Blob could require more complex server-side logic to proxy requests and enforce permissions. Now, developers can securely grant temporary access directly to a client application, such as a web browser, to upload or download a file. This simplifies application architecture, reduces server load, and strengthens security by preventing the exposure of permanent credentials or granting overly broad permissions to the entire blob store.
Tags
Primary source: Vercel Blog