[{"data":1,"prerenderedAt":179},["ShallowReactive",2],{"blog-blueprints/bolt-vercel":3},{"id":4,"title":5,"body":6,"category":159,"date":160,"dateModified":160,"description":161,"draft":162,"extension":163,"faq":164,"featured":162,"headerVariant":165,"image":164,"keywords":164,"meta":166,"navigation":167,"ogDescription":168,"ogTitle":164,"path":169,"readTime":170,"schemaOrg":171,"schemaType":172,"seo":173,"sitemap":174,"stem":175,"tags":176,"twitterCard":177,"__hash__":178},"blog/blog/blueprints/bolt-vercel.md","Bolt.new + Vercel Security Blueprint",{"type":7,"value":8,"toc":149},"minimark",[9,20,24,30,35,50,59,63,72,76,81,84,87,90,93,96,99,113,123,137],[10,11,12],"blueprint-summary",{},[13,14,15,19],"p",{},[16,17,18],"strong",{},"To secure a Bolt.new + Vercel stack,"," you need to: (1) move all secrets and API keys from code to Vercel environment variables, (2) add security headers via vercel.json including X-Frame-Options and CSP, (3) ensure API routes require authentication before processing requests, and (4) configure preview deployments to use test databases instead of production data. This blueprint covers deployment-specific security for Vercel hosting.",[21,22],"blueprint-meta",{"time":23},"1-2 hours",[25,26,27],"tldr",{},[13,28,29],{},"Deploying Bolt exports to Vercel requires security configuration beyond defaults. Key tasks: move all secrets to Vercel environment variables, add security headers via vercel.json, secure API routes with authentication, and configure different environments for preview vs production.",[31,32,34],"h2",{"id":33},"part-1-vercel-environment-variables","Part 1: Vercel Environment Variables",[36,37,39],"code-block",{"label":38},"Configure in Vercel Dashboard",[40,41,46],"pre",{"className":42,"code":44,"language":45},[43],"language-text","# Database\nDATABASE_URL=\"your-connection-string\"\n\n# Public (client-accessible)\nNEXT_PUBLIC_SUPABASE_URL=\"https://xxx.supabase.co\"\nNEXT_PUBLIC_SUPABASE_ANON_KEY=\"eyJ...\"\n\n# Private (server-only)\nSUPABASE_SERVICE_ROLE_KEY=\"eyJ...\"\nJWT_SECRET=\"your-secret\"\n","text",[47,48,44],"code",{"__ignoreMap":49},"",[51,52,53],"warning-box",{},[13,54,55,58],{},[16,56,57],{},"Check exported code:"," Bolt may have hardcoded values. Search for API keys and secrets before deploying.",[31,60,62],{"id":61},"part-2-vercel-security-headers","Part 2: Vercel Security Headers",[36,64,66],{"label":65},"vercel.json",[40,67,70],{"className":68,"code":69,"language":45},[43],"{\n  \"headers\": [\n    {\n      \"source\": \"/(.*)\",\n      \"headers\": [\n        { \"key\": \"X-Frame-Options\", \"value\": \"DENY\" },\n        { \"key\": \"X-Content-Type-Options\", \"value\": \"nosniff\" },\n        { \"key\": \"Referrer-Policy\", \"value\": \"strict-origin-when-cross-origin\" }\n      ]\n    }\n  ]\n}\n",[47,71,69],{"__ignoreMap":49},[31,73,75],{"id":74},"security-checklist","Security Checklist",[77,78,80],"h4",{"id":79},"vercel-deployment-checklist","Vercel Deployment Checklist",[13,82,83],{},"All secrets in Vercel environment variables",[13,85,86],{},"No hardcoded credentials in code",[13,88,89],{},"Security headers in vercel.json",[13,91,92],{},"API routes require authentication",[13,94,95],{},"Preview environment uses test database",[13,97,98],{},".env files in .gitignore",[100,101,102,107],"stack-comparison",{},[103,104,106],"h3",{"id":105},"alternative-stacks-to-consider","Alternative Stacks to Consider",[40,108,111],{"className":109,"code":110,"language":45},[43],"      **Bolt.new + Netlify**\n      Alternative deployment platform\n\n\n      **Bolt.new + Railway**\n      Container-based deployment\n\n\n      **Bolt.new + Supabase + Vercel**\n      Complete stack security\n",[47,112,110],{"__ignoreMap":49},[114,115,116],"faq-section",{},[117,118,120],"faq-item",{"question":119},"Can preview deployments access production data?",[13,121,122],{},"By default, previews use the same environment variables. Scope sensitive variables to \"Production\" only in Vercel dashboard.",[124,125,126,132],"related-articles",{},[127,128],"related-card",{"description":129,"href":130,"title":131},"Alternative deployment","/blog/blueprints/bolt-netlify","Bolt + Netlify",[127,133],{"description":134,"href":135,"title":136},"Deep dive into Vercel","/blog/guides/vercel","Vercel Security Guide",[138,139,142,146],"cta-box",{"href":140,"label":141},"/","Start Free Scan",[31,143,145],{"id":144},"deploying-bolt-to-vercel","Deploying Bolt to Vercel?",[13,147,148],{},"Scan for exposed secrets and configuration issues.",{"title":49,"searchDepth":150,"depth":150,"links":151},2,[152,153,154,158],{"id":33,"depth":150,"text":34},{"id":61,"depth":150,"text":62},{"id":74,"depth":150,"text":75,"children":155},[156],{"id":105,"depth":157,"text":106},3,{"id":144,"depth":150,"text":145},"blueprints","2026-01-30","Security guide for deploying Bolt.new apps to Vercel. Configure environment variables, secure API routes, set up headers, and protect your deployment.",false,"md",null,"purple",{"noindex":167},true,"Complete security configuration for deploying Bolt.new apps to Vercel.","/blog/blueprints/bolt-vercel","8 min read","[object Object]","Article",{"title":5,"description":161},{"loc":169},"blog/blueprints/bolt-vercel",[],"summary_large_image","hArUgJnMJ1utZZeXRfa09LkyW-WUKDAWb7FbfRG5BZc",1775843932597]