hashicorp/vault-action

[FEAT] The `secrets` input should be optional.

juicemia opened this issue · 3 comments

Is your feature request related to a problem? Please describe.
Some workflows need only to get a token from Vault so that some program may use them. An example of this
is when using Terraform to spin up infrastructure in GCP with the Google Cloud Secrets Engine. In this case,
when running Terraform, VAULT_TOKEN is set after being retrieved with something like Approle auth, and
a GCP service account token is generated by the backend after reading a certain path in Terraform. So the
use case here is only getting a token from Vault via Approle auth, not actually reading a secret.

Describe the solution you'd like
For the secret input to be optional.

Describe alternatives you've considered

  • Using curl to get the token and then passing that along by setting the environment variable. curl isn't ideal
    because it's not easy to handle different types of failures when using it.
  • Just fetching a secret and never actually using it.

Additional context
I found this Github issue but in this case the person
who opened it was just confused so they reported a bug.

iiro commented

Hmm, "secrets" is already optional: https://github.com/hashicorp/vault-action#reference ...

Thanks for the request. @iiro is correct, this got added in #299 and released in 2.4.1 - do let us know if the feature isn't working though, and please make sure to include your action config and the error message if so.

Ah that's good I'll double check my version. Sorry for the duplicate feature request. I could swear I searched up and down for something related to this but I didn't find it.