New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Environment variables vs outputs #14
Labels
enhancement
New feature or request
Comments
Thanks for the feedback, we'll note this as an enhancement request. |
This was referenced May 12, 2023
I really need this feature. When this action is called twice, it causes the following error:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi
In the readme, you mention that environment variables are available to all steps within a job and that we should work to prevent them from being exploited or misused by malicious actions.
Would this issue be negated if the
get-secrets
action wrote the secrets as outputs rather than environment variables? The secrets wouldn't be automatically available to other steps, but could be passed into them explicitly as required, by the job itself.From a security point of view, this feels to me like the more secure option; is there another advantage that environment variables have over outputs that would prevent this from being done?
The text was updated successfully, but these errors were encountered: