Disable environment export by default.

fixes #597
Justin Wood 2026-04-06 12:05:18 -04:00 committed by versioneer-testing
parent 79632e33d6
commit 26b605b758
3 changed files with 10 additions and 5 deletions

@ -1,5 +1,10 @@
## Unreleased
Major (Breaking Change):
* `exportEnv` now defaults to `false`. If you relied on that feature please switch it to `true` or reference via outputs.
This change was made to facilitate a better default supply chain security position. (https://github.com/hashicorp/vault-action/pull/598)
## 3.4.0 (June 13, 2025)
Bugs:
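Review bot: The new changelog entry says to "switch it to `true` or reference via outputs" without saying which is preferred. Since the stated reason is supply chain security, recommend outputs first and present `exportEnv: true` as the opt-in fallback. The entry links pull/598 while the commit message says "fixes #597"; consider citing the issue as well so readers can find the rationale.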

@ -357,7 +357,7 @@ steps:
run: "my-cli --token '${{ steps.secrets.outputs.npmToken }}'"
```
_**Note:** If you'd like to only use outputs and disable automatic environment variables, you can set the `exportEnv` option to `false`._
_**Note:** By default, environment variable export is disabled. If youd like to enable automatic environment variables, you can set the `exportEnv` option to `true`._
### Set Output Variable Name
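Review bot: Typo in the added note: "If youd like" is missing its apostrophe (the removed line had "you'd"). It would also help to say that with export disabled, secrets are read through step outputs, as in the `steps.secrets.outputs.npmToken` example just above.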
@ -403,7 +403,7 @@ with:
secret/data/ci/aws * | MYAPP_ ;
```
When using the `exportEnv` option all exported keys will be normalized to uppercase. For example, the key `SecretKey` would be exported as `MYAPP_SECRETKEY`.
When using the `exportEnv` option (when enabled), all exported keys will be normalized to uppercase. For example, the key `SecretKey` would be exported as `MYAPP_SECRETKEY`.
You can disable uppercase normalization by specifying double asterisks `**` in the selector path:
```yaml
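Review bot: "When using the `exportEnv` option (when enabled)" in the added line is redundant and reads awkwardly. Suggest "When `exportEnv` is set to `true`, all exported keys will be normalized to uppercase." Since export is now off by default, the paragraph should also state whether the `MYAPP_` prefix and the uppercase rule apply to output names or only to exported environment variables.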
@ -675,9 +675,9 @@ A string of newline separated extra headers to include on every request.
### `exportEnv`
**Type: `string`**\
**Default: `true`**
**Default: `false`**
Whether or not to export secrets as environment variables.
Whether or not to export secrets as environment variables. This is disabled by default and must be explicitly enabled if environment variable export is desired.
### `exportToken`
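Review bot: The added description says export "must be explicitly enabled" but not how. With the type documented as `string`, the accepted value matters, so spell it out, for example "set to `true`". The phrase "This is disabled by default" repeats the **Default: `false`** line directly above and could be dropped.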

@ -56,7 +56,7 @@ inputs:
required: false
exportEnv:
description: 'Whether or not export secrets as environment variables.'
default: 'true'
default: 'false'
required: false
exportToken:
description: 'Whether or not export Vault token as environment variables.'
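Review bot: The `exportEnv` description is left as 'Whether or not export secrets as environment variables.', which is missing "to" and does not mention that export is now off unless requested; update it together with the default. The commit lists 3 changed files, and the hunks shown cover the changelog, the documentation and this input definition, so nothing here tests the new default. Add a test that runs with `exportEnv` unset and checks that no secret is written to the environment.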