zerok
commented
2 weeks ago Just to clarify: If that's enabled, the only way to access those secrets would be through the step's outputs, right?
Open mem opened 2 weeks ago
zerok
commented
2 weeks ago Just to clarify: If that's enabled, the only way to access those secrets would be through the step's outputs, right?
mem
commented
2 weeks ago Just to clarify: If that's enabled, the only way to access those secrets would be through the step's outputs, right?
Correct.
I would prefer to have the choice of opting out of the implicit behavior, meaning expose the exportEnv option from this action and default it to true, which is equivalent to the current behavior. In that way the user of this action can set it to false and opt out of this.
zerok
commented
1 week ago Sounds good 🙂 Thanks for the clarification!
The underlying
hashicorp/vault-actionhas an input calledexportEnvwhich defaults to true, which causes secrets to be exported as environment variables making them available in the environment to all subsequent steps. Because of the way the GitHub Actions environment works, these variables are available to all the processes started from these steps.I would prefer to have the option to disable that behavior.
hashicorp/vault-actionhas such an optoin (exportEnv: false) but does not expose that option.