INN-1984: Docs: Add Vercel bypass protection docs (#486)

* Docs: Add Vercel bypass protection docs * Update pages/docs/deploy/vercel.mdx Co-authored-by: Aaron Harper <[email protected]> --------- Co-authored-by: Aaron Harper <[email protected]>
inngest · Aug 30, 2023 · 32f2db8 · 32f2db8 · vercel · Aug 30, 2023
1 parent d47e301
commit 32f2db8
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/pages/docs/deploy/vercel.mdx b/pages/docs/deploy/vercel.mdx
@@ -29,6 +29,29 @@ Installing [Inngest's official Vercel integraiton](https://vercel.com/integratio
 
 After you're installed, every new deploy to Vercel will update functions in [the Inngest dashboard](https://app.inngest.com/functions) within a few seconds!
 
+## Bypassing Deployment Protection
+
+If you have Vercel's [Deployment Protection feature](https://vercel.com/docs/security/deployment-protection) enabled, _by default_, Inngest will not be able to send HTTP requests to your application's preview environments. To enable this, you will need to leverage Vercel's "[Protection Bypass for Automation](https://vercel.com/docs/security/deployment-protection#protection-bypass-for-automation)" feature. Access to this feature may be dependent on the Vercel plan that you're paying for (please see docs linked above). Here's how to set it up:
+
+1. Enable "Protection Bypass for Automation" on your Vercel project
+2. Copy your secret
+3. Goto [the Vercel integration settings page in the Inngest dashboard](https://app.inngest.com/settings/integrations/vercel)
+4. For each project that you would like to enable this for, append the secret as a query string parameter to your Inngest serve route. e.g. `/api/inngest?x-vercel-protection-bypass=XYZ...` (see below). Inngest will now use this parameter to communicate with your application to bypass the deployment protection.
+5. Trigger a re-deploy of your preview environment(s) (this re-deploys the functions to Inngest)
+
+<img
+  src="/assets/docs/deploy/vercel-protection-bypass.png"
+  width="400"
+  height={400/726*248}
+  quality="95"
+  className="max-w-[400px]"
+  alt="A Vercel protection bypass secret appended as a query string in the Inngest dashboard"
+/>
+
+<Callout variant="warning">
+  <span className="text-yellow-300">⚠️</span> Warning - This URL is stored in the Inngest database as a plaintext value, so the bypass protection secret is not encrypted at rest in our database. In the future, we plan to store this value in a separate encrypted location.
+</Callout>
+
 ---
 
 ### Manually registering functions

diff --git a/public/assets/docs/deploy/vercel-protection-bypass.png b/public/assets/docs/deploy/vercel-protection-bypass.png