feat: add http2 support for Vault communication

README.md

@@ -25,20 +25,54 @@ is not meant to modify Vault’s state.
     - [Userpass](#userpass)
     - [Ldap](#ldap)
     - [Other Auth Methods](#other-auth-methods)
-    - [Custom Path](#custom-path-name)
+    - [Custom Path Name](#custom-path-name)
   - [Key Syntax](#key-syntax)
     - [Simple Key](#simple-key)
     - [Set Output Variable Name](#set-output-variable-name)
     - [Multiple Secrets](#multiple-secrets)
     - [KV secrets engine version 2](#kv-secrets-engine-version-2)
+  - [PKI Certificate Requests](#pki-certificate-requests)
   - [Other Secret Engines](#other-secret-engines)
   - [Adding Extra Headers](#adding-extra-headers)
   - [HashiCorp Cloud Platform or Vault Enterprise](#hashicorp-cloud-platform-or-vault-enterprise)
     - [Namespace](#namespace)
   - [Reference](#reference)
+    - [`url`](#url)
+    - [`secrets`](#secrets)
+    - [`namespace`](#namespace-1)
+    - [`method`](#method)
+    - [`role`](#role)
+    - [`path`](#path)
+    - [`token`](#token-1)
+    - [`roleId`](#roleid)
+    - [`secretId`](#secretid)
+    - [`githubToken`](#githubtoken)
+    - [`jwtPrivateKey`](#jwtprivatekey)
+    - [`jwtKeyPassword`](#jwtkeypassword)
+    - [`jwtGithubAudience`](#jwtgithubaudience)
+    - [`jwtTtl`](#jwtttl)
+    - [`kubernetesTokenPath`](#kubernetestokenpath)
+    - [`username`](#username)
+    - [`password`](#password)
+    - [`authPayload`](#authpayload)
+    - [`extraHeaders`](#extraheaders)
+    - [`http2`](#http2)
+    - [`exportEnv`](#exportenv)
+    - [`exportToken`](#exporttoken)
+    - [`outputToken`](#outputtoken)
+    - [`caCertificate`](#cacertificate)
+    - [`clientCertificate`](#clientcertificate)
+    - [`clientKey`](#clientkey)
+    - [`tlsSkipVerify`](#tlsskipverify)
+    - [`ignoreNotFound`](#ignorenotfound)
   - [Masking - Hiding Secrets from Logs](#masking---hiding-secrets-from-logs)
   - [Normalization](#normalization)
   - [Contributing](#contributing)
+    - [Build](#build)
+    - [Vault test instance](#vault-test-instance)
+    - [Running unit tests](#running-unit-tests)
+    - [Running acceptance tests](#running-acceptance-tests)
+    - [Running the action locally](#running-the-action-locally)
 
 <!-- /TOC -->
 
@@ -673,6 +707,13 @@ The JSON payload to be sent to Vault when using a custom authentication method.
 
 A string of newline separated extra headers to include on every request.
 
+### `http2`
+
+**Type: `string`**\
+**Default: `false`**
+
+Whether or not to use HTTP/2 when communicating with the Vault server.
+
 ### `exportEnv`
 
 **Type: `string`**\

action.yml

@@ -51,6 +51,10 @@ inputs:
   extraHeaders:
     description: 'A string of newline separated extra headers to include on every request.'
     required: false
+  http2:
+    description: 'Whether or not to use HTTP/2 when communicating with the Vault server.'
+    default: 'false'
+    required: false
   exportEnv:
     description: 'Whether or not export secrets as environment variables.'
     default: 'true'

src/action.js

@@ -54,6 +54,11 @@ async function exportSecrets() {
         }
     }
 
+    const http2 = (core.getInput('http2', { required: false }) || 'false').toLowerCase() != 'false';
+    if (http2 === true) {
+        defaultOptions.http2 = true;
+    }
+
     const tlsSkipVerify = (core.getInput('tlsSkipVerify', { required: false }) || 'false').toLowerCase() != 'false';
     if (tlsSkipVerify === true) {
         defaultOptions.https.rejectUnauthorized = false;