actions/vault-action
3
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2026-04-07 04:29:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge 26b605b758 into 79632e33d6

Browse source
This commit is contained in:
Justin Wood (Callek) 2026-04-06 12:11:15 -04:00 committed by GitHub
commit c662ea75ad
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 10 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

5
CHANGELOG.md
View file

@ -1,5 +1,10 @@
## Unreleased
Major (Breaking Change):
* `exportEnv` now defaults to `false`. If you relied on that feature please switch it to `true` or reference via outputs.
This change was made to facilitate a better default supply chain security position. (https://github.com/hashicorp/vault-action/pull/598)
## 3.4.0 (June 13, 2025)
Bugs:

8
README.md
View file

@ -357,7 +357,7 @@ steps:
run: "my-cli --token '${{ steps.secrets.outputs.npmToken }}'"
```
_**Note:** If you'd like to only use outputs and disable automatic environment variables, you can set the `exportEnv` option to `false`._
_**Note:** By default, environment variable export is disabled. If youd like to enable automatic environment variables, you can set the `exportEnv` option to `true`._
### Set Output Variable Name
@ -403,7 +403,7 @@ with:
secret/data/ci/aws * | MYAPP_ ;
```
When using the `exportEnv` option all exported keys will be normalized to uppercase. For example, the key `SecretKey` would be exported as `MYAPP_SECRETKEY`.
When using the `exportEnv` option (when enabled), all exported keys will be normalized to uppercase. For example, the key `SecretKey` would be exported as `MYAPP_SECRETKEY`.
You can disable uppercase normalization by specifying double asterisks `**` in the selector path:
```yaml
@ -675,9 +675,9 @@ A string of newline separated extra headers to include on every request.
### `exportEnv`
**Type: `string`**\
**Default: `true`**
**Default: `false`**
Whether or not to export secrets as environment variables.
Whether or not to export secrets as environment variables. This is disabled by default and must be explicitly enabled if environment variable export is desired.
### `exportToken`

2
action.yml
View file

@ -56,7 +56,7 @@ inputs:
required: false
exportEnv:
description: 'Whether or not export secrets as environment variables.'
default: 'true'
default: 'false'
required: false
exportToken:
description: 'Whether or not export Vault token as environment variables.'