diff --git a/CHANGELOG.md b/CHANGELOG.md
index f246370..12b3db7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 ## Unreleased
 
+Improvements:
+
+* Support for HTTP/2 via new `http2` input (default `false`) to opt in to HTTP/2 communication with Vault.
+
 ## 3.4.0 (June 13, 2025)
 
 Bugs:
diff --git a/README.md b/README.md
index b3939f5..4acf426 100644
--- a/README.md
+++ b/README.md
@@ -673,6 +673,13 @@ The JSON payload to be sent to Vault when using a custom authentication method.
 
 A string of newline separated extra headers to include on every request.
 
+### `http2`
+
+**Type: `string`**\
+**Default: `false`**
+
+Whether or not to use HTTP/2 when communicating with the Vault server.
+
 ### `exportEnv`
 
 **Type: `string`**\
diff --git a/action.yml b/action.yml
index 94c738a..fa3107a 100644
--- a/action.yml
+++ b/action.yml
@@ -51,6 +51,10 @@ inputs:
   extraHeaders:
     description: 'A string of newline separated extra headers to include on every request.'
     required: false
+  http2:
+    description: 'Whether or not to use HTTP/2 when communicating with the Vault server.'
+    default: 'false'
+    required: false
   exportEnv:
     description: 'Whether or not export secrets as environment variables.'
     default: 'true'
diff --git a/src/action.js b/src/action.js
index 3dcf1f4..9ae0fa8 100644
--- a/src/action.js
+++ b/src/action.js
@@ -54,6 +54,11 @@ async function exportSecrets() {
         }
     }
 
+    const http2 = (core.getInput('http2', { required: false }) || 'false').toLowerCase() != 'false';
+    if (http2 === true) {
+        defaultOptions.http2 = true;
+    }
+
     const tlsSkipVerify = (core.getInput('tlsSkipVerify', { required: false }) || 'false').toLowerCase() != 'false';
     if (tlsSkipVerify === true) {
         defaultOptions.https.rejectUnauthorized = false;