Enable using loaded secrets from step's output

action.yml

@@ -8,6 +8,9 @@ inputs:
   unset-previous:
     description: Whether to unset environment variables populated by 1Password in earlier job steps
     default: false
+  export-env:
+    description: Export the secrets as environment variables
+    default: false
 runs:
   using: 'node12'
   main: 'dist/index.js'

entrypoint.sh

@@ -62,19 +62,28 @@ for env_var in $(op env ls); do
   done
   unset IFS
 
-  # To support multiline secrets, we'll use the heredoc syntax to populate the environment variables.
+  if [ "$INPUT_EXPORT_ENV" == "true" ]; then
-  # As the heredoc identifier, we'll use a randomly generated 64-character string,
+    # To support multiline secrets, we'll use the heredoc syntax to populate the environment variables.
-  # so that collisions are practically impossible.
+    # As the heredoc identifier, we'll use a randomly generated 64-character string,
-  random_heredoc_identifier=$(openssl rand -hex 16)
+    # so that collisions are practically impossible.
+    random_heredoc_identifier=$(openssl rand -hex 16)
+  
+    {
+      # Populate env var, using heredoc syntax with generated identifier
+      echo "$env_var<<${random_heredoc_identifier}"
+      echo "$secret_value"
+      echo "${random_heredoc_identifier}"
+    } >> $GITHUB_ENV
 
-  {
+    managed_variables+=("$env_var")
-    # Populate env var, using heredoc syntax with generated identifier
+
-    echo "$env_var<<${random_heredoc_identifier}"
+  else
-    echo "$secret_value"
+    # Prepare the secret_value to be outputed properly (especially multiline secrets)
-    echo "${random_heredoc_identifier}"
+    secret_value=$(echo "$secret_value" | awk -v ORS='%0A' '1')
-  } >> $GITHUB_ENV
+
+    echo "::set-output name=$env_var::$secret_value"
+  fi
 
-  managed_variables+=("$env_var")
 done
 unset IFS