diff --git a/CHANGELOG.md b/CHANGELOG.md
index d28554d..4f9befe 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 ## Unreleased
 
+Features:
+
+* `secretId` is no longer required for approle to support advanced use cases like machine login when `bind_secret_id` is false. [GH-522](https://github.com/hashicorp/vault-action/pull/522)
+
 ## 3.0.0 (February 15, 2024)
 
 Improvements:
diff --git a/src/auth.js b/src/auth.js
index 331083a..630ad1e 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -17,7 +17,7 @@ async function retrieveToken(method, client) {
     switch (method) {
         case 'approle': {
             const vaultRoleId = core.getInput('roleId', { required: true });
-            const vaultSecretId = core.getInput('secretId', { required: true });
+            const vaultSecretId = core.getInput('secretId', { required: false });
             return await getClientToken(client, method, path, { role_id: vaultRoleId, secret_id: vaultSecretId });
         }
         case 'github': {