From 0226ed48d6d62d47b6097d8e6cd7a662eb10da26 Mon Sep 17 00:00:00 2001
From: BERTRAND ZANCO
Date: Tue, 22 Sep 2020 09:50:18 +0200
Subject: [PATCH] Add export Vault Token
---
 README.md | 1 +
 action.yml | 4 ++++
 src/action.js | 6 ++++++
 3 files changed, 11 insertions(+)
diff --git a/README.md b/README.md
index f9f6841..2fb07c7 100644
--- a/README.md
+++ b/README.md
@@ -250,6 +250,7 @@ Here are all the inputs available through `with`:
 | `authPayload` | The JSON payload to be sent to Vault when using a custom authentication method. | | |
 | `extraHeaders` | A string of newline separated extra headers to include on every request. | | |
 | `exportEnv` | Whether or not export secrets as environment variables. | `true` | |
+| `exportToken` | Whether or not export Vault token as environment variables (i.e VAULT_TOKEN). | `false` | |
 | `caCertificate` | Base64 encoded CA certificate the server certificate was signed with. | | |
 | `clientCertificate` | Base64 encoded client certificate the action uses to authenticate with Vault when mTLS is enabled. | | |
 | `clientKey` | Base64 encoded client key the action uses to authenticate with Vault when mTLS is enabled. | | |
diff --git a/action.yml b/action.yml
index fc8a2d0..b6b4ae3 100644
--- a/action.yml
+++ b/action.yml
@@ -36,6 +36,10 @@ inputs:
 description: 'Whether or not export secrets as environment variables.'
 default: 'true'
 required: false
+ exportToken:
+ description: 'Whether or not export Vault token as environment variables.'
+ default: 'false'
+ required: false
 caCertificate:
 description: 'Base64 encoded CA certificate to verify the Vault server certificate.'
 required: false
diff --git a/src/action.js b/src/action.js
index e6875ee..82cd5ed 100644
--- a/src/action.js
+++ b/src/action.js
@@ -12,6 +12,7 @@ async function exportSecrets() { const vaultNamespace = core.getInput('namespace', { required: false }); const extraHeaders = parseHeadersInput('extraHeaders', { required: false }); const exportEnv = core.getInput('exportEnv', { required: false }) != 'false'; + const exportToken = core.getInput('exportToken', { required: false }) != 'false'; const secretsInput = core.getInput('secrets', { required: true }); const secretRequests = parseSecretsInput(secretsInput); @@ -60,6 +61,11 @@ async function exportSecrets() { defaultOptions.headers['X-Vault-Token'] = vaultToken; const client = got.extend(defaultOptions); + if (exportToken) { + command.issue('add-mask', vaultToken); + core.exportVariable('VAULT_TOKEN', `${vaultToken}`); + } + const requests = secretRequests.map(request => { const { path, selector } = request; return request;
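Review bot: The added `exportToken` check in the first hunk fails open, because `!= 'false'` enables the export for every value except the exact string 'false'. That includes 'False', a typo, or the empty string `core.getInput` returns when the action.yml default is not applied (for example when the module is driven directly in tests). Since this flag publishes a credential it should be enabled only on an exact match: `const exportToken = core.getInput('exportToken', { required: false }).toLowerCase() === 'true';`. The `exportEnv` line above uses the same `!=` form, but there default-on is the documented intent. `exportSecrets` starts and ends outside the hunk.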
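Review bot: The new `if (exportToken)` block in the second hunk calls `command.issue('add-mask', vaultToken)`, but this patch adds no import for `command`, so it relies on one outside the hunk. `core.setSecret(vaultToken);` is the public @actions/core call for the same masking and does not depend on the internal command module. The block also deserves a comment such as `// Masking only redacts log output; every later step in this job, including third-party actions, can read VAULT_TOKEN.`, and the README row could say the same so users pair the option with a short-lived, narrowly scoped token. The template literal would export the string 'undefined' if `vaultToken` were ever unset; `if (exportToken && vaultToken)` with `core.exportVariable('VAULT_TOKEN', vaultToken);` avoids that. The assignment of `vaultToken` is outside the hunk, so whether it can be empty here is not visible.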