approle: do not require secret_id (#522)

* approle: support bind_secret_id

* add changelog

CHANGELOG.md

@@ -1,5 +1,9 @@
 ## Unreleased
 
+Features:
+
+* `secretId` is no longer required for approle to support advanced use cases like machine login when `bind_secret_id` is false. [GH-522](https://github.com/hashicorp/vault-action/pull/522)
+
 ## 3.0.0 (February 15, 2024)
 
 Improvements:

src/auth.js

@@ -17,7 +17,7 @@ async function retrieveToken(method, client) {
     switch (method) {
         case 'approle': {
             const vaultRoleId = core.getInput('roleId', { required: true });
-            const vaultSecretId = core.getInput('secretId', { required: true });
+            const vaultSecretId = core.getInput('secretId', { required: false });
             return await getClientToken(client, method, path, { role_id: vaultRoleId, secret_id: vaultSecretId });
         }
         case 'github': {