Yesterday's Top Poster

Vercel Private Blob is now generally available

  • Thread starter Thread starter Agustin Falco, Elliot Dauber, Can Temizyurek
  • Start date Start date
Vercel Private Blob is now generally available for all plans. Store sensitive files like user-uploaded photos, invoices, and agent memory, and control exactly who can read them. Private stores, Signed URLs, and OIDC authentication all graduate from beta with this release.

Vercel Private Blob uses the same Blob API as public blobs. Specify access: 'private' when uploading a blob:

OIDC authentication​


Functions running on Vercel now authenticate to Vercel Private Blob with a short-lived, auto-rotating OIDC token scoped to the project, with no static read-write token in your environment.

The Vercel CLI also supports OIDC authentication, so you can read from and write to a private store from your terminal without a long-lived token. For stores still using a static token, you can upgrade to OIDC and revoke the old credential from the dashboard.

Signed URLs​


Mint a URL scoped to a single operation, pathname, and an expiration date you choose for up to 7 days, then hand it to a client to perform a PUT, GET, HEAD, or DELETE operation on a single object, without ever exposing your store credentials.


Signed URLs work well when you want to grant temporary, narrow access to a private object without putting your server in the data path:


  • Let a user download a private file, like an invoice, a report, or an export, with a link that expires.


  • Share an object with a third party or external service for a fixed window.


  • Hand an agent one-off delete access to clean up a specific object.

Learn more about Vercel Private Blob in the documentation.

Read more

Continue reading...
 
Back
Top