get-vault-secrets does not expose exportEnv

[mem]

The underlying hashicorp/vault-action has an input called exportEnv which defaults to true, which causes secrets to be exported as environment variables making them available in the environment to all subsequent steps. Because of the way the GitHub Actions environment works, these variables are available to all the processes started from these steps.

I would prefer to have the option to disable that behavior. hashicorp/vault-action has such an optoin (exportEnv: false) but does not expose that option.

[zerok]

Just to clarify: If that's enabled, the only way to access those secrets would be through the step's outputs, right?

[mem]

Just to clarify: If that's enabled, the only way to access those secrets would be through the step's outputs, right?

Correct.

I would prefer to have the choice of opting out of the implicit behavior, meaning expose the exportEnv option from this action and default it to true, which is equivalent to the current behavior. In that way the user of this action can set it to false and opt out of this.

[zerok]

Sounds good 🙂 Thanks for the clarification!