diff --git a/README.md b/README.md index 464f836..d0b718c 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Load Secrets from 1Password - GitHub Action -The action to load secrets from [1Password Connect](https://1password.com/secrets/) into GitHub Actions. +This action loads secrets from [1Password Connect](https://1password.com/secrets/) into GitHub Actions. Specify right from your workflow YAML which secrets from 1Password should be loaded into your job, and the action will make them available as environment variables for the next steps. @@ -15,6 +15,8 @@ There are two ways that secrets can be loaded: ### Use secrets from the action's output +This approach enables the user to use the loaded secrets as an output from the step: `steps.step-id.outputs.secret-name`. You need to set an id for the step that uses this action to be able to access its outputs. More details about the metadata syntax [here](https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#outputsoutput_id). + ```yml on: push jobs: @@ -81,6 +83,8 @@ jobs: ### Export secrets as environment variables +In this approach, the user can access the loaded secrets as environment variables. These environment variables are accessible at a job level. + ```yml on: push jobs: diff --git a/entrypoint.sh b/entrypoint.sh index 2d944d6..5446154 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -7,8 +7,6 @@ if [[ "$OSTYPE" == "linux-gnu"* ]]; then curl -sSfLo op.zip "https://bucket.agilebits.com/cli-private-beta/v2/op_linux_amd64_v2-alpha2.zip" elif [[ "$OSTYPE" == "darwin"* ]]; then curl -sSfLo op.zip "https://bucket.agilebits.com/cli-private-beta/v2/op_darwin_amd64_v2-alpha2.zip" -# elif [[ "$OSTYPE" == "msys"* ]]; then -# curl -sSfLo op.zip "https://bucket.agilebits.com/cli-private-beta/v2/op_windows_amd64_v2-alpha2.zip" fi unzip -od /usr/local/bin/ op.zip && rm op.zip chmod +x /usr/local/bin/op @@ -82,6 +80,7 @@ for env_var in $(op env ls); do managed_variables+=("$env_var") else + # Prepare the secret_value to be outputed properly (especially multiline secrets) secret_value=$(echo "$secret_value" | awk -v ORS='%0A' '1') echo "::set-output name=$env_var::$secret_value"