Merge pull request #146 from 1Password/release/v3.2.1

Prepare Release v3.2.1
Remove binary
2026-03-02 19:32:56 -05:00 · 2026-03-02 19:13:10 -05:00 · 2026-03-02 19:03:41 -05:00 · 2026-03-02 19:01:19 -05:00 · 2026-03-02 18:41:50 -05:00 · 2026-03-02 15:21:21 -05:00
18 changed files with 37226 additions and 33501 deletions
--- a/.github/workflows/e2e-tests.yml
+++ b/.github/workflows/e2e-tests.yml
@@ -21,10 +21,7 @@ on:
      OP_SERVICE_ACCOUNT_TOKEN:
        required: true
      VAULT:
-        description: "1Password vault name"
-        required: true
-      VAULT_ID:
-        description: "1Password vault UUID"
+        description: "1Password vault name or UUID"
        required: true

 jobs:
@@ -59,23 +56,9 @@ jobs:
      - name: Generate .env.tpl
        shell: bash
        run: |
-          mkdir -p tests
          echo "FILE_SECRET=op://${{ secrets.VAULT }}/test-secret/password" > tests/.env.tpl
          echo "FILE_SECRET_IN_SECTION=op://${{ secrets.VAULT }}/test-secret/test-section/password" >> tests/.env.tpl
          echo "FILE_MULTILINE_SECRET=op://${{ secrets.VAULT }}/multiline-secret/notesPlain" >> tests/.env.tpl
-          echo "SECRET_WITH_FILE=op://${{ secrets.VAULT }}/file-secret/test.txt" >> tests/.env.tpl
-          echo "SECRET_WITH_FILE_IN_SECTION=op://${{ secrets.VAULT }}/file-secret/file section/test.txt" >> tests/.env.tpl
-          echo "DOUBLE_SECTION_SECRET=op://${{ secrets.VAULT }}/double-section-secret/test-section/password" >> tests/.env.tpl
-
-      - name: Generate .vaultId_env.tpl
-        shell: bash
-        run: |
-          echo "FILE_SECRET=op://${{ secrets.VAULT_ID }}/test-secret/password" > tests/.vaultId_env.tpl
-          echo "FILE_SECRET_IN_SECTION=op://${{ secrets.VAULT_ID }}/test-secret/test-section/password" >> tests/.vaultId_env.tpl
-          echo "FILE_MULTILINE_SECRET=op://${{ secrets.VAULT_ID }}/multiline-secret/notesPlain" >> tests/.vaultId_env.tpl
-          echo "SECRET_WITH_FILE=op://${{ secrets.VAULT_ID }}/file-secret/test.txt" >> tests/.vaultId_env.tpl
-          echo "SECRET_WITH_FILE_IN_SECTION=op://${{ secrets.VAULT_ID }}/file-secret/file section/test.txt" >> tests/.vaultId_env.tpl
-          echo "DOUBLE_SECTION_SECRET=op://${{ secrets.VAULT_ID }}/double-section-secret/test-section/password" >> tests/.vaultId_env.tpl

      - name: Configure Service account
        uses: ./configure
@@ -92,9 +75,6 @@ jobs:
          SECRET: op://${{ secrets.VAULT }}/test-secret/password
          SECRET_IN_SECTION: op://${{ secrets.VAULT }}/test-secret/test-section/password
          MULTILINE_SECRET: op://${{ secrets.VAULT }}/multiline-secret/notesPlain
-          SECRET_WITH_FILE: op://${{ secrets.VAULT }}/file-secret/test.txt
-          SECRET_WITH_FILE_IN_SECTION: op://${{ secrets.VAULT }}/file-secret/file section/test.txt
-          DOUBLE_SECTION_SECRET: op://${{ secrets.VAULT }}/double-section-secret/test-section/password
          OP_ENV_FILE: ./tests/.env.tpl

      - name: Assert test secret values [step output]
@@ -107,9 +87,6 @@ jobs:
          FILE_SECRET: ${{ steps.load_secrets.outputs.FILE_SECRET }}
          FILE_SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.FILE_SECRET_IN_SECTION }}
          FILE_MULTILINE_SECRET: ${{ steps.load_secrets.outputs.FILE_MULTILINE_SECRET }}
-          SECRET_WITH_FILE: ${{ steps.load_secrets.outputs.SECRET_WITH_FILE }}
-          SECRET_WITH_FILE_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_WITH_FILE_IN_SECTION }}
-          DOUBLE_SECTION_SECRET: ${{ steps.load_secrets.outputs.DOUBLE_SECTION_SECRET }}
        run: ./tests/assert-env-set.sh

      - name: Assert test secret values [exported env]
@@ -128,51 +105,6 @@ jobs:
        shell: bash
        run: ./tests/assert-env-unset.sh

-      - name: Load secrets (invalid ref - expect failure)
-        id: load_invalid
-        continue-on-error: true
-        uses: ./
-        env:
-          BAD_REF: "op://x"
-        with:
-          export-env: true
-
-      - name: Assert invalid ref failed
-        shell: bash
-        run: ./tests/assert-invalid-ref-failed.sh
-        env:
-          STEP_OUTCOME: ${{ steps.load_invalid.outcome }}
-
-      - name: Load secrets by vault ID
-        id: load_secrets_by_vault_id
-        uses: ./
-        with:
-          version: ${{ matrix.version }}
-          export-env: ${{ matrix.export-env }}
-        env:
-          SECRET: op://${{ secrets.VAULT_ID }}/test-secret/password
-          SECRET_IN_SECTION: op://${{ secrets.VAULT_ID }}/test-secret/test-section/password
-          MULTILINE_SECRET: op://${{ secrets.VAULT_ID }}/multiline-secret/notesPlain
-          SECRET_WITH_FILE: op://${{ secrets.VAULT_ID }}/file-secret/test.txt
-          SECRET_WITH_FILE_IN_SECTION: op://${{ secrets.VAULT_ID }}/file-secret/file section/test.txt
-          DOUBLE_SECTION_SECRET: op://${{ secrets.VAULT_ID }}/double-section-secret/test-section/password
-          OP_ENV_FILE: ./tests/.vaultId_env.tpl
-
-      - name: Assert test secret values [vault by ID]
-        if: ${{ !matrix.export-env }}
-        shell: bash
-        env:
-          SECRET: ${{ steps.load_secrets_by_vault_id.outputs.SECRET }}
-          SECRET_IN_SECTION: ${{ steps.load_secrets_by_vault_id.outputs.SECRET_IN_SECTION }}
-          MULTILINE_SECRET: ${{ steps.load_secrets_by_vault_id.outputs.MULTILINE_SECRET }}
-          FILE_SECRET: ${{ steps.load_secrets_by_vault_id.outputs.FILE_SECRET }}
-          FILE_SECRET_IN_SECTION: ${{ steps.load_secrets_by_vault_id.outputs.FILE_SECRET_IN_SECTION }}
-          FILE_MULTILINE_SECRET: ${{ steps.load_secrets_by_vault_id.outputs.FILE_MULTILINE_SECRET }}
-          SECRET_WITH_FILE: ${{ steps.load_secrets_by_vault_id.outputs.SECRET_WITH_FILE }}
-          SECRET_WITH_FILE_IN_SECTION: ${{ steps.load_secrets_by_vault_id.outputs.SECRET_WITH_FILE_IN_SECTION }}
-          DOUBLE_SECTION_SECRET: ${{ steps.load_secrets_by_vault_id.outputs.DOUBLE_SECTION_SECRET }}
-        run: ./tests/assert-env-set.sh
-
  test-connect:
    name: Connect (ubuntu-latest, ${{ matrix.version }}, export-env=${{ matrix.export-env }})
    runs-on: ubuntu-latest
@@ -207,25 +139,13 @@ jobs:
          echo "FILE_SECRET=op://${{ secrets.VAULT }}/test-secret/password" > tests/.env.tpl
          echo "FILE_SECRET_IN_SECTION=op://${{ secrets.VAULT }}/test-secret/test-section/password" >> tests/.env.tpl
          echo "FILE_MULTILINE_SECRET=op://${{ secrets.VAULT }}/multiline-secret/notesPlain" >> tests/.env.tpl
-          echo "SECRET_WITH_FILE=op://${{ secrets.VAULT }}/file-secret/test.txt" >> tests/.env.tpl
-          echo "SECRET_WITH_FILE_IN_SECTION=op://${{ secrets.VAULT }}/file-secret/file section/test.txt" >> tests/.env.tpl
-          echo "DOUBLE_SECTION_SECRET=op://${{ secrets.VAULT }}/double-section-secret/test-section/password" >> tests/.env.tpl
-
-      - name: Generate .vaultId_env.tpl
-        run: |
-          echo "FILE_SECRET=op://${{ secrets.VAULT_ID }}/test-secret/password" > tests/.vaultId_env.tpl
-          echo "FILE_SECRET_IN_SECTION=op://${{ secrets.VAULT_ID }}/test-secret/test-section/password" >> tests/.vaultId_env.tpl
-          echo "FILE_MULTILINE_SECRET=op://${{ secrets.VAULT_ID }}/multiline-secret/notesPlain" >> tests/.vaultId_env.tpl
-          echo "SECRET_WITH_FILE=op://${{ secrets.VAULT_ID }}/file-secret/test.txt" >> tests/.vaultId_env.tpl
-          echo "SECRET_WITH_FILE_IN_SECTION=op://${{ secrets.VAULT_ID }}/file-secret/file section/test.txt" >> tests/.vaultId_env.tpl
-          echo "DOUBLE_SECTION_SECRET=op://${{ secrets.VAULT_ID }}/double-section-secret/test-section/password" >> tests/.vaultId_env.tpl

      - name: Launch 1Password Connect instance
        env:
          OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
        run: |
          echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json
-          docker compose -f tests/fixtures/docker-compose.yml up -d && sleep 30
+          docker compose -f tests/fixtures/docker-compose.yml up -d && sleep 10

      - name: Configure 1Password Connect
        uses: ./configure
@@ -243,9 +163,6 @@ jobs:
          SECRET: op://${{ secrets.VAULT }}/test-secret/password
          SECRET_IN_SECTION: op://${{ secrets.VAULT }}/test-secret/test-section/password
          MULTILINE_SECRET: op://${{ secrets.VAULT }}/multiline-secret/notesPlain
-          SECRET_WITH_FILE: op://${{ secrets.VAULT }}/file-secret/test.txt
-          SECRET_WITH_FILE_IN_SECTION: op://${{ secrets.VAULT }}/file-secret/file section/test.txt
-          DOUBLE_SECTION_SECRET: op://${{ secrets.VAULT }}/double-section-secret/test-section/password
          OP_ENV_FILE: ./tests/.env.tpl

      - name: Assert test secret values [step output]
@@ -257,9 +174,6 @@ jobs:
          FILE_SECRET: ${{ steps.load_secrets.outputs.FILE_SECRET }}
          FILE_SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.FILE_SECRET_IN_SECTION }}
          FILE_MULTILINE_SECRET: ${{ steps.load_secrets.outputs.FILE_MULTILINE_SECRET }}
-          SECRET_WITH_FILE: ${{ steps.load_secrets.outputs.SECRET_WITH_FILE }}
-          SECRET_WITH_FILE_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_WITH_FILE_IN_SECTION }}
-          DOUBLE_SECTION_SECRET: ${{ steps.load_secrets.outputs.DOUBLE_SECTION_SECRET }}
        run: ./tests/assert-env-set.sh

      - name: Assert test secret values [exported env]
@@ -275,48 +189,3 @@ jobs:
      - name: Assert removed secrets [exported env]
        if: ${{ matrix.export-env }}
        run: ./tests/assert-env-unset.sh
-
-      - name: Load secrets (invalid ref - expect failure)
-        id: load_invalid
-        continue-on-error: true
-        uses: ./
-        env:
-          BAD_REF: "op://x"
-        with:
-          export-env: true
-
-      - name: Assert invalid ref failed
-        shell: bash
-        run: ./tests/assert-invalid-ref-failed.sh
-        env:
-          STEP_OUTCOME: ${{ steps.load_invalid.outcome }}
-
-      - name: Load secrets by vault ID
-        id: load_secrets_by_vault_id
-        uses: ./
-        with:
-          version: ${{ matrix.version }}
-          export-env: ${{ matrix.export-env }}
-        env:
-          SECRET: op://${{ secrets.VAULT_ID }}/test-secret/password
-          SECRET_IN_SECTION: op://${{ secrets.VAULT_ID }}/test-secret/test-section/password
-          MULTILINE_SECRET: op://${{ secrets.VAULT_ID }}/multiline-secret/notesPlain
-          SECRET_WITH_FILE: op://${{ secrets.VAULT_ID }}/file-secret/test.txt
-          SECRET_WITH_FILE_IN_SECTION: op://${{ secrets.VAULT_ID }}/file-secret/file section/test.txt
-          DOUBLE_SECTION_SECRET: op://${{ secrets.VAULT_ID }}/double-section-secret/test-section/password
-          OP_ENV_FILE: ./tests/.vaultId_env.tpl
-
-      - name: Assert test secret values [vault by ID]
-        if: ${{ !matrix.export-env }}
-        shell: bash
-        env:
-          SECRET: ${{ steps.load_secrets_by_vault_id.outputs.SECRET }}
-          SECRET_IN_SECTION: ${{ steps.load_secrets_by_vault_id.outputs.SECRET_IN_SECTION }}
-          MULTILINE_SECRET: ${{ steps.load_secrets_by_vault_id.outputs.MULTILINE_SECRET }}
-          FILE_SECRET: ${{ steps.load_secrets_by_vault_id.outputs.FILE_SECRET }}
-          FILE_SECRET_IN_SECTION: ${{ steps.load_secrets_by_vault_id.outputs.FILE_SECRET_IN_SECTION }}
-          FILE_MULTILINE_SECRET: ${{ steps.load_secrets_by_vault_id.outputs.FILE_MULTILINE_SECRET }}
-          SECRET_WITH_FILE: ${{ steps.load_secrets_by_vault_id.outputs.SECRET_WITH_FILE }}
-          SECRET_WITH_FILE_IN_SECTION: ${{ steps.load_secrets_by_vault_id.outputs.SECRET_WITH_FILE_IN_SECTION }}
-          DOUBLE_SECTION_SECRET: ${{ steps.load_secrets_by_vault_id.outputs.DOUBLE_SECTION_SECRET }}
-        run: ./tests/assert-env-set.sh
--- a/.github/workflows/test-e2e.yml
+++ b/.github/workflows/test-e2e.yml
@@ -91,7 +91,6 @@ jobs:
      OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
      OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
      VAULT: ${{ secrets.VAULT }}
-      VAULT_ID: ${{ secrets.VAULT_ID }}

  # Post comment on fork PRs after /ok-to-test
  comment-pr:
--- a/config/jest.config.js
+++ b/config/jest.config.js
@@ -10,6 +10,11 @@ const jestConfig = {
 	rootDir: "../src/",
 	testEnvironment: "node",
 	testRegex: "(/__tests__/.*|(\\.|/)test)\\.ts",
+	moduleNameMapper: {
+		"^@actions/core$": "<rootDir>/__mocks__/actions-core.ts",
+		"^@actions/tool-cache$": "<rootDir>/__mocks__/actions-tool-cache.ts",
+		"^@actions/exec$": "<rootDir>/__mocks__/actions-exec.ts",
+	},
 	transform: {
 		".ts": [
 			"ts-jest",
@@ -25,4 +30,4 @@ const jestConfig = {
 	verbose: true,
 };

-export default jestConfig;
+module.exports = jestConfig;
--- a/configure/dist/index.js
+++ b/configure/dist/index.js
--- a/configure/index.js
+++ b/configure/index.js
@@ -1,4 +1,4 @@
-const core = require("@actions/core");
+import * as core from "@actions/core";

 const configure = () => {
 	const OP_CONNECT_HOST =
--- a/dist/index.js
+++ b/dist/index.js
--- a/docs/local-testing.md
+++ b/docs/local-testing.md
@@ -17,8 +17,7 @@ This document explains how to run e2e tests locally using `act`.
 | Secret                     | Description           |
 | -------------------------- | --------------------- |
 | `OP_SERVICE_ACCOUNT_TOKEN` | Service Account token |
-| `VAULT`                    | Vault name            |
-| `VAULT_ID`                 | Vault UUID            |
+| `VAULT`                    | Vault name or UUID    |

 ## Building Before Testing

--- a/package-lock.json
+++ b/package-lock.json
@@ -1,20 +1,18 @@
 {
 	"name": "load-secrets-action",
-	"version": "3.1.0",
+	"version": "3.2.1",
 	"lockfileVersion": 3,
 	"requires": true,
 	"packages": {
 		"": {
 			"name": "load-secrets-action",
-			"version": "3.1.0",
+			"version": "3.2.1",
 			"license": "MIT",
 			"dependencies": {
-				"@1password/connect": "^1.4.2",
 				"@1password/op-js": "^0.1.11",
-				"@1password/sdk": "^0.4.0",
-				"@actions/core": "^1.10.1",
-				"@actions/exec": "^1.1.1",
-				"@actions/tool-cache": "^2.0.2",
+				"@actions/core": "^3.0.0",
+				"@actions/exec": "^3.0.0",
+				"@actions/tool-cache": "^4.0.0",
 				"dotenv": "^17.2.2"
 			},
 			"devDependencies": {
@@ -30,19 +28,6 @@
 				"typescript": "^5.4.2"
 			}
 		},
-		"node_modules/@1password/connect": {
-			"version": "1.4.2",
-			"resolved": "https://registry.npmjs.org/@1password/connect/-/connect-1.4.2.tgz",
-			"integrity": "sha512-CxcDQIr76nloWwGWRrmz/U7DuU65WKrN/yarq45LrC3L6b/pC7bZyskvougadG32fRwBieLJX143lTI8T1bAtQ==",
-			"license": "MIT",
-			"dependencies": {
-				"axios": "^1.10.0",
-				"debug": "^4.4.1",
-				"lodash.clonedeep": "^4.5.0",
-				"slugify": "^1.6.6",
-				"uuid": "^9.0.1"
-			}
-		},
 		"node_modules/@1password/eslint-config": {
 			"version": "4.3.1",
 			"resolved": "https://registry.npmjs.org/@1password/eslint-config/-/eslint-config-4.3.1.tgz",
@@ -87,74 +72,50 @@
 				"prettier": "^2.0.0 || ^3.0.0"
 			}
 		},
-		"node_modules/@1password/sdk": {
-			"version": "0.4.0",
-			"resolved": "https://registry.npmjs.org/@1password/sdk/-/sdk-0.4.0.tgz",
-			"integrity": "sha512-RIypujc9R/UeUaobjyClTYokqRFpcaIkHq+EO/X9XoHId98Vg+SbjwGV+yygRC4MyHwYNo1KP1iEbZcqJ4ZTdw==",
-			"license": "MIT",
-			"dependencies": {
-				"@1password/sdk-core": "0.4.0"
-			}
-		},
-		"node_modules/@1password/sdk-core": {
-			"version": "0.4.0",
-			"resolved": "https://registry.npmjs.org/@1password/sdk-core/-/sdk-core-0.4.0.tgz",
-			"integrity": "sha512-vjeI1o4wiONY+t1naA4dtUp6HktdLH1D2S+tN1Lh4l41S9XIUHxrljov9B5u6G+VHr7f2MUoxmzXA9zT3aokQQ==",
-			"license": "MIT"
-		},
 		"node_modules/@actions/core": {
-			"version": "1.11.1",
-			"resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
-			"integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
+			"version": "3.0.0",
+			"resolved": "https://registry.npmjs.org/@actions/core/-/core-3.0.0.tgz",
+			"integrity": "sha512-zYt6cz+ivnTmiT/ksRVriMBOiuoUpDCJJlZ5KPl2/FRdvwU3f7MPh9qftvbkXJThragzUZieit2nyHUyw53Seg==",
 			"license": "MIT",
 			"dependencies": {
-				"@actions/exec": "^1.1.1",
-				"@actions/http-client": "^2.0.1"
+				"@actions/exec": "^3.0.0",
+				"@actions/http-client": "^4.0.0"
 			}
 		},
 		"node_modules/@actions/exec": {
-			"version": "1.1.1",
-			"resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
-			"integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
-			"license": "MIT",
+			"version": "3.0.0",
+			"resolved": "https://registry.npmjs.org/@actions/exec/-/exec-3.0.0.tgz",
+			"integrity": "sha512-6xH/puSoNBXb72VPlZVm7vQ+svQpFyA96qdDBvhB8eNZOE8LtPf9L4oAsfzK/crCL8YZ+19fKYVnM63Sl+Xzlw==",
 			"dependencies": {
-				"@actions/io": "^1.0.1"
+				"@actions/io": "^3.0.2"
 			}
 		},
 		"node_modules/@actions/http-client": {
-			"version": "2.2.3",
-			"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.3.tgz",
-			"integrity": "sha512-mx8hyJi/hjFvbPokCg4uRd4ZX78t+YyRPtnKWwIl+RzNaVuFpQHfmlGVfsKEJN8LwTCvL+DfVgAM04XaHkm6bA==",
+			"version": "4.0.0",
+			"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-4.0.0.tgz",
+			"integrity": "sha512-QuwPsgVMsD6qaPD57GLZi9sqzAZCtiJT8kVBCDpLtxhL5MydQ4gS+DrejtZZPdIYyB1e95uCK9Luyds7ybHI3g==",
 			"license": "MIT",
 			"dependencies": {
 				"tunnel": "^0.0.6",
-				"undici": "^5.25.4"
+				"undici": "^6.23.0"
 			}
 		},
 		"node_modules/@actions/io": {
-			"version": "1.1.3",
-			"resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
-			"integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q==",
-			"license": "MIT"
+			"version": "3.0.2",
+			"resolved": "https://registry.npmjs.org/@actions/io/-/io-3.0.2.tgz",
+			"integrity": "sha512-nRBchcMM+QK1pdjO7/idu86rbJI5YHUKCvKs0KxnSYbVe3F51UfGxuZX4Qy/fWlp6l7gWFwIkrOzN+oUK03kfw=="
 		},
 		"node_modules/@actions/tool-cache": {
-			"version": "2.0.2",
-			"resolved": "https://registry.npmjs.org/@actions/tool-cache/-/tool-cache-2.0.2.tgz",
-			"integrity": "sha512-fBhNNOWxuoLxztQebpOaWu6WeVmuwa77Z+DxIZ1B+OYvGkGQon6kTVg6Z32Cb13WCuw0szqonK+hh03mJV7Z6w==",
+			"version": "4.0.0",
+			"resolved": "https://registry.npmjs.org/@actions/tool-cache/-/tool-cache-4.0.0.tgz",
+			"integrity": "sha512-L8P9HbXvpvqjZDveb/fdsa55IVC0trfPgQ4ZwGo6r5af6YDVdM9vMGPZ7rgY2fAT9gGj4PSYd6bYlg3p3jD78A==",
+			"license": "MIT",
 			"dependencies": {
-				"@actions/core": "^1.11.1",
-				"@actions/exec": "^1.0.0",
-				"@actions/http-client": "^2.0.1",
-				"@actions/io": "^1.1.1",
-				"semver": "^6.1.0"
-			}
-		},
-		"node_modules/@actions/tool-cache/node_modules/semver": {
-			"version": "6.3.1",
-			"resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
-			"integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
-			"bin": {
-				"semver": "bin/semver.js"
+				"@actions/core": "^3.0.0",
+				"@actions/exec": "^3.0.0",
+				"@actions/http-client": "^4.0.0",
+				"@actions/io": "^3.0.0",
+				"semver": "^7.7.3"
 			}
 		},
 		"node_modules/@ampproject/remapping": {
@@ -789,15 +750,6 @@
 				"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
 			}
 		},
-		"node_modules/@fastify/busboy": {
-			"version": "2.1.1",
-			"resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz",
-			"integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==",
-			"license": "MIT",
-			"engines": {
-				"node": ">=14"
-			}
-		},
 		"node_modules/@humanwhocodes/config-array": {
 			"version": "0.13.0",
 			"resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.13.0.tgz",
@@ -1994,12 +1946,6 @@
 			"dev": true,
 			"license": "MIT"
 		},
-		"node_modules/asynckit": {
-			"version": "0.4.0",
-			"resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
-			"integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==",
-			"license": "MIT"
-		},
 		"node_modules/available-typed-arrays": {
 			"version": "1.0.7",
 			"resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.7.tgz",
@@ -2026,17 +1972,6 @@
 				"node": ">=4"
 			}
 		},
-		"node_modules/axios": {
-			"version": "1.13.5",
-			"resolved": "https://registry.npmjs.org/axios/-/axios-1.13.5.tgz",
-			"integrity": "sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q==",
-			"license": "MIT",
-			"dependencies": {
-				"follow-redirects": "^1.15.11",
-				"form-data": "^4.0.5",
-				"proxy-from-env": "^1.1.0"
-			}
-		},
 		"node_modules/axobject-query": {
 			"version": "4.1.0",
 			"resolved": "https://registry.npmjs.org/axobject-query/-/axobject-query-4.1.0.tgz",
@@ -2303,6 +2238,7 @@
 			"version": "1.0.1",
 			"resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.1.tgz",
 			"integrity": "sha512-BhYE+WDaywFg2TBWYNXAE+8B1ATnThNBqXHP5nQu0jWJdVvY2hvkpyB3qOmtmDePiS5/BDQ8wASEWGMWRG148g==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"es-errors": "^1.3.0",
@@ -2547,18 +2483,6 @@
 			"dev": true,
 			"license": "MIT"
 		},
-		"node_modules/combined-stream": {
-			"version": "1.0.8",
-			"resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
-			"integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
-			"license": "MIT",
-			"dependencies": {
-				"delayed-stream": "~1.0.0"
-			},
-			"engines": {
-				"node": ">= 0.8"
-			}
-		},
 		"node_modules/commander": {
 			"version": "12.1.0",
 			"resolved": "https://registry.npmjs.org/commander/-/commander-12.1.0.tgz",
@@ -2692,9 +2616,10 @@
 			}
 		},
 		"node_modules/debug": {
-			"version": "4.4.3",
-			"resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
-			"integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+			"version": "4.4.0",
+			"resolved": "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz",
+			"integrity": "sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"ms": "^2.1.3"
@@ -2777,15 +2702,6 @@
 				"url": "https://github.com/sponsors/ljharb"
 			}
 		},
-		"node_modules/delayed-stream": {
-			"version": "1.0.0",
-			"resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
-			"integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==",
-			"license": "MIT",
-			"engines": {
-				"node": ">=0.4.0"
-			}
-		},
 		"node_modules/detect-newline": {
 			"version": "3.1.0",
 			"resolved": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz",
@@ -2849,6 +2765,7 @@
 			"version": "1.0.1",
 			"resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
 			"integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"call-bind-apply-helpers": "^1.0.1",
@@ -2992,6 +2909,7 @@
 			"version": "1.0.1",
 			"resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
 			"integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==",
+			"dev": true,
 			"license": "MIT",
 			"engines": {
 				"node": ">= 0.4"
@@ -3001,6 +2919,7 @@
 			"version": "1.3.0",
 			"resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
 			"integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
+			"dev": true,
 			"license": "MIT",
 			"engines": {
 				"node": ">= 0.4"
@@ -3037,6 +2956,7 @@
 			"version": "1.0.0",
 			"resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.0.0.tgz",
 			"integrity": "sha512-MZ4iQ6JwHOBQjahnjwaC1ZtIBH+2ohjamzAO3oaHcXYup7qxjF2fixyH+Q71voWHeOkI2q/TnJao/KfXYIZWbw==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"es-errors": "^1.3.0"
@@ -3046,15 +2966,15 @@
 			}
 		},
 		"node_modules/es-set-tostringtag": {
-			"version": "2.1.0",
-			"resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz",
-			"integrity": "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==",
+			"version": "2.0.3",
+			"resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.0.3.tgz",
+			"integrity": "sha512-3T8uNMC3OQTHkFUsFq8r/BwAXLHvU/9O9mE0fBc/MY5iq/8H7ncvO947LmYA6ldWw9Uh8Yhf25zu6n7nML5QWQ==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
-				"es-errors": "^1.3.0",
-				"get-intrinsic": "^1.2.6",
+				"get-intrinsic": "^1.2.4",
 				"has-tostringtag": "^1.0.2",
-				"hasown": "^2.0.2"
+				"hasown": "^2.0.1"
 			},
 			"engines": {
 				"node": ">= 0.4"
@@ -3887,26 +3807,6 @@
 			"license": "ISC",
 			"peer": true
 		},
-		"node_modules/follow-redirects": {
-			"version": "1.15.11",
-			"resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz",
-			"integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==",
-			"funding": [
-				{
-					"type": "individual",
-					"url": "https://github.com/sponsors/RubenVerborgh"
-				}
-			],
-			"license": "MIT",
-			"engines": {
-				"node": ">=4.0"
-			},
-			"peerDependenciesMeta": {
-				"debug": {
-					"optional": true
-				}
-			}
-		},
 		"node_modules/for-each": {
 			"version": "0.3.3",
 			"resolved": "https://registry.npmjs.org/for-each/-/for-each-0.3.3.tgz",
@@ -3917,22 +3817,6 @@
 				"is-callable": "^1.1.3"
 			}
 		},
-		"node_modules/form-data": {
-			"version": "4.0.5",
-			"resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz",
-			"integrity": "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==",
-			"license": "MIT",
-			"dependencies": {
-				"asynckit": "^0.4.0",
-				"combined-stream": "^1.0.8",
-				"es-set-tostringtag": "^2.1.0",
-				"hasown": "^2.0.2",
-				"mime-types": "^2.1.12"
-			},
-			"engines": {
-				"node": ">= 6"
-			}
-		},
 		"node_modules/fs.realpath": {
 			"version": "1.0.0",
 			"resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
@@ -3959,6 +3843,7 @@
 			"version": "1.1.2",
 			"resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
 			"integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
+			"dev": true,
 			"license": "MIT",
 			"funding": {
 				"url": "https://github.com/sponsors/ljharb"
@@ -4031,6 +3916,7 @@
 			"version": "1.2.6",
 			"resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.6.tgz",
 			"integrity": "sha512-qxsEs+9A+u85HhllWJJFicJfPDhRmjzoYdl64aMWW9yRIJmSyxdn8IEkuIM530/7T+lv0TIHd8L6Q/ra0tEoeA==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"call-bind-apply-helpers": "^1.0.1",
@@ -4187,6 +4073,7 @@
 			"version": "1.2.0",
 			"resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
 			"integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==",
+			"dev": true,
 			"license": "MIT",
 			"engines": {
 				"node": ">= 0.4"
@@ -4272,6 +4159,7 @@
 			"version": "1.1.0",
 			"resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz",
 			"integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==",
+			"dev": true,
 			"license": "MIT",
 			"engines": {
 				"node": ">= 0.4"
@@ -4284,6 +4172,7 @@
 			"version": "1.0.2",
 			"resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz",
 			"integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"has-symbols": "^1.0.3"
@@ -4299,6 +4188,7 @@
 			"version": "2.0.2",
 			"resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
 			"integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"function-bind": "^1.1.2"
@@ -6029,12 +5919,6 @@
 				"node": ">=8"
 			}
 		},
-		"node_modules/lodash.clonedeep": {
-			"version": "4.5.0",
-			"resolved": "https://registry.npmjs.org/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz",
-			"integrity": "sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ==",
-			"license": "MIT"
-		},
 		"node_modules/lodash.memoize": {
 			"version": "4.1.2",
 			"resolved": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz",
@@ -6233,6 +6117,7 @@
 			"version": "1.0.0",
 			"resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.0.0.tgz",
 			"integrity": "sha512-4MqMiKP90ybymYvsut0CH2g4XWbfLtmlCkXmtmdcDCxNB+mQcu1w/1+L/VD7vi/PSv7X2JYV7SCcR+jiPXnQtA==",
+			"dev": true,
 			"license": "MIT",
 			"engines": {
 				"node": ">= 0.4"
@@ -6269,27 +6154,6 @@
 				"node": ">=8.6"
 			}
 		},
-		"node_modules/mime-db": {
-			"version": "1.52.0",
-			"resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
-			"integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
-			"license": "MIT",
-			"engines": {
-				"node": ">= 0.6"
-			}
-		},
-		"node_modules/mime-types": {
-			"version": "2.1.35",
-			"resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
-			"integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
-			"license": "MIT",
-			"dependencies": {
-				"mime-db": "1.52.0"
-			},
-			"engines": {
-				"node": ">= 0.6"
-			}
-		},
 		"node_modules/mimic-fn": {
 			"version": "2.1.0",
 			"resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz",
@@ -6340,6 +6204,7 @@
 			"version": "2.1.3",
 			"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
 			"integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+			"dev": true,
 			"license": "MIT"
 		},
 		"node_modules/natural-compare": {
@@ -6825,12 +6690,6 @@
 			"dev": true,
 			"license": "MIT"
 		},
-		"node_modules/proxy-from-env": {
-			"version": "1.1.0",
-			"resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz",
-			"integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==",
-			"license": "MIT"
-		},
 		"node_modules/punycode": {
 			"version": "2.3.1",
 			"resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz",
@@ -7146,9 +7005,9 @@
 			}
 		},
 		"node_modules/semver": {
-			"version": "7.6.3",
-			"resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-			"integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+			"version": "7.7.4",
+			"resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz",
+			"integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==",
 			"license": "ISC",
 			"bin": {
 				"semver": "bin/semver.js"
@@ -7344,15 +7203,6 @@
 				"url": "https://github.com/chalk/ansi-styles?sponsor=1"
 			}
 		},
-		"node_modules/slugify": {
-			"version": "1.6.6",
-			"resolved": "https://registry.npmjs.org/slugify/-/slugify-1.6.6.tgz",
-			"integrity": "sha512-h+z7HKHYXj6wJU+AnS/+IH8Uh9fdcX1Lrhg1/VMdf9PwoBQXFcXiAdsy2tSK0P6gKwJLXp02r90ahUCqHk9rrw==",
-			"license": "MIT",
-			"engines": {
-				"node": ">=8.0.0"
-			}
-		},
 		"node_modules/source-map": {
 			"version": "0.6.1",
 			"resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
@@ -8024,15 +7874,12 @@
 			}
 		},
 		"node_modules/undici": {
-			"version": "5.29.0",
-			"resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz",
-			"integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==",
+			"version": "6.23.0",
+			"resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
+			"integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
 			"license": "MIT",
-			"dependencies": {
-				"@fastify/busboy": "^2.0.0"
-			},
 			"engines": {
-				"node": ">=14.0"
+				"node": ">=18.17"
 			}
 		},
 		"node_modules/undici-types": {
@@ -8084,19 +7931,6 @@
 				"punycode": "^2.1.0"
 			}
 		},
-		"node_modules/uuid": {
-			"version": "9.0.1",
-			"resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz",
-			"integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==",
-			"funding": [
-				"https://github.com/sponsors/broofa",
-				"https://github.com/sponsors/ctavan"
-			],
-			"license": "MIT",
-			"bin": {
-				"uuid": "dist/bin/uuid"
-			}
-		},
 		"node_modules/v8-to-istanbul": {
 			"version": "9.3.0",
 			"resolved": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.3.0.tgz",
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "load-secrets-action",
-	"version": "3.1.0",
+	"version": "3.2.1",
 	"description": "Load Secrets from 1Password",
 	"main": "dist/index.js",
 	"directories": {
@@ -41,11 +41,9 @@
 	"homepage": "https://github.com/1Password/load-secrets-action#readme",
 	"dependencies": {
 		"@1password/op-js": "^0.1.11",
-		"@1password/sdk": "^0.4.0",
-		"@1password/connect": "^1.4.2",
-		"@actions/core": "^1.10.1",
-		"@actions/exec": "^1.1.1",
-		"@actions/tool-cache": "^2.0.2",
+		"@actions/core": "^3.0.0",
+		"@actions/exec": "^3.0.0",
+		"@actions/tool-cache": "^4.0.0",
 		"dotenv": "^17.2.2"
 	},
 	"devDependencies": {
--- a/src/mocks/actions-core.ts
+++ b/src/mocks/actions-core.ts
@@ -0,0 +1,14 @@
+module.exports = {
+	getInput: jest.fn(() => ""),
+	getBooleanInput: jest.fn(() => false),
+	setOutput: jest.fn(),
+	setSecret: jest.fn(),
+	exportVariable: jest.fn(),
+	setFailed: jest.fn(),
+	info: jest.fn(),
+	warning: jest.fn(),
+	error: jest.fn(),
+	debug: jest.fn(),
+	addPath: jest.fn(),
+	isDebug: jest.fn(() => false),
+};
--- a/src/mocks/actions-exec.ts
+++ b/src/mocks/actions-exec.ts
@@ -0,0 +1,5 @@
+module.exports = {
+	getExecOutput: jest.fn(() => ({
+		stdout: "MOCK_SECRET",
+	})),
+};
--- a/src/mocks/actions-tool-cache.ts
+++ b/src/mocks/actions-tool-cache.ts
@@ -0,0 +1,10 @@
+module.exports = {
+	downloadTool: jest.fn(),
+	extractTar: jest.fn(),
+	extractZip: jest.fn(),
+	cacheDir: jest.fn<Promise<string>, [string]>(async (dir) => {
+		await Promise.resolve();
+		return dir;
+	}),
+	find: jest.fn<string, [string, string?, string?]>(() => ""),
+};
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,5 +1,7 @@
 import dotenv from "dotenv";
 import * as core from "@actions/core";
+import { validateCli } from "@1password/op-js";
+import { installCliOnGithubActionRunner } from "./op-cli-installer";
 import { loadSecrets, unsetPrevious, validateAuth } from "./utils";
 import { envFilePath } from "./constants";

@@ -24,6 +26,9 @@ const loadSecretsAction = async () => {
 			dotenv.config({ path: file });
 		}

+		// Download and install the CLI
+		await installCLI();
+
 		// Load secrets
 		await loadSecrets(shouldExportEnv);
 	} catch (error) {
@@ -34,10 +39,22 @@ const loadSecretsAction = async () => {
 		if (error instanceof Error) {
 			message = error.message;
 		} else {
-			message = String(error);
+			String(error);
 		}
 		core.setFailed(message);
 	}
 };

+// This function's name is an exception from the naming convention
+// since we refer to the 1Password CLI here.
+// eslint-disable-next-line @typescript-eslint/naming-convention
+const installCLI = async (): Promise<void> => {
+	// validateCli checks if there's an existing 1Password CLI installed on the runner.
+	// If there's no CLI installed, then validateCli will throw an error, which we will use
+	// as an indicator that we need to execute the installation script.
+	await validateCli().catch(async () => {
+		await installCliOnGithubActionRunner();
+	});
+};
+
 void loadSecretsAction();
--- a/src/utils.test.ts
+++ b/src/utils.test.ts
@@ -1,17 +1,11 @@
 import * as core from "@actions/core";
 import * as exec from "@actions/exec";
-import { read } from "@1password/op-js";
-import { createClient, Secrets } from "@1password/sdk";
-import { OnePasswordConnect, FullItem } from "@1password/connect";
+import { read, setClientInfo } from "@1password/op-js";
 import {
 	extractSecret,
 	loadSecrets,
 	unsetPrevious,
 	validateAuth,
-	findMatchingFieldAndFile,
-	findSectionIdsByQuery,
-	parseOpRef,
-	getEnvVarNamesWithSecretRefs,
 } from "./utils";
 import {
 	authErr,
@@ -21,21 +15,7 @@ import {
 	envServiceAccountToken,
 } from "./constants";

-jest.mock("@actions/core");
-jest.mock("@actions/exec", () => ({
-	getExecOutput: jest.fn(() => ({
-		stdout: "MOCK_SECRET",
-	})),
-}));
 jest.mock("@1password/op-js");
-jest.mock("@1password/sdk", () => ({
-	createClient: jest.fn(),
-	// eslint-disable-next-line @typescript-eslint/naming-convention
-	Secrets: {
-		validateSecretReference: jest.fn(),
-	},
-}));
-jest.mock("@1password/connect");

 beforeEach(() => {
 	jest.clearAllMocks();
@@ -157,227 +137,34 @@ describe("extractSecret", () => {
 	});
 });

-describe("loadSecrets when using Connect", () => {
-	beforeEach(() => {
-		process.env[envConnectHost] = "https://connect.example";
-		process.env[envConnectToken] = "test-token";
-		process.env[envServiceAccountToken] = "";
-
-		Object.keys(process.env).forEach((key) => {
-			if (
-				typeof process.env[key] === "string" &&
-				process.env[key]?.startsWith("op://")
-			) {
-				delete process.env[key];
-			}
-		});
-		process.env.MY_SECRET = "op://vault/item/field";
-
-		(OnePasswordConnect as jest.Mock).mockReturnValue({
-			getVault: jest.fn().mockResolvedValue({ id: "vault-id-123" }),
-			getItem: jest.fn().mockResolvedValue({
-				fields: [
-					{ label: "field", value: "resolved-via-connect", section: undefined },
-				],
-				sections: [],
-			}),
-		});
-	});
-
-	it("resolves ref via Connect SDK and exports secret", async () => {
+describe("loadSecrets", () => {
+	it("sets the client info and gets the executed output", async () => {
 		await loadSecrets(true);

+		expect(setClientInfo).toHaveBeenCalledWith({
+			name: "1Password GitHub Action",
+			id: "GHA",
+		});
+		expect(exec.getExecOutput).toHaveBeenCalledWith('sh -c "op env ls"');
 		expect(core.exportVariable).toHaveBeenCalledWith(
-			"MY_SECRET",
-			"resolved-via-connect",
-		);
-		expect(core.exportVariable).toHaveBeenCalledWith(
-			envManagedVariables,
-			"MY_SECRET",
+			"OP_MANAGED_VARIABLES",
+			"MOCK_SECRET",
 		);
 	});

 	it("return early if no env vars with secrets found", async () => {
-		delete process.env.MY_SECRET;
+		(exec.getExecOutput as jest.Mock).mockReturnValueOnce({ stdout: "" });
 		await loadSecrets(true);

+		expect(exec.getExecOutput).toHaveBeenCalledWith('sh -c "op env ls"');
 		expect(core.exportVariable).not.toHaveBeenCalled();
 	});

-	it("sets step output when shouldExportEnv is false", async () => {
-		await loadSecrets(false);
-
-		expect(core.setOutput).toHaveBeenCalledWith(
-			"MY_SECRET",
-			"resolved-via-connect",
-		);
-		expect(core.exportVariable).not.toHaveBeenCalled();
-	});
-
-	it("masks resolved secret with setSecret", async () => {
-		await loadSecrets(true);
-
-		expect(core.setSecret).toHaveBeenCalledWith("resolved-via-connect");
-	});
-
-	it("calls getVault with vault segment from ref", async () => {
-		process.env.MY_SECRET = "op://my-vault-name/my-item/field";
-		const mockGetVault = jest.fn().mockResolvedValue({ id: "vault-uuid" });
-		const mockGetItem = jest.fn().mockResolvedValue({
-			fields: [{ label: "field", value: "secret-value", section: undefined }],
-			sections: [],
-		});
-		(OnePasswordConnect as jest.Mock).mockReturnValue({
-			getVault: mockGetVault,
-			getItem: mockGetItem,
-		});
-
-		await loadSecrets(false);
-
-		expect(mockGetVault).toHaveBeenCalledWith("my-vault-name");
-	});
-
-	it("throws when getVault returns vault without id", async () => {
-		const mockGetVault = jest.fn().mockResolvedValue({});
-		(OnePasswordConnect as jest.Mock).mockReturnValue({
-			getVault: mockGetVault,
-			getItem: jest.fn(),
-		});
-
-		await expect(loadSecrets(true)).rejects.toThrow(
-			/Could not find valid vault "vault" for ref "op:\/\/vault\/item\/field"/,
-		);
-		expect(mockGetVault).toHaveBeenCalledWith("vault");
-	});
-
-	it("resolves vault by name and uses returned id for getItem", async () => {
-		process.env.MY_SECRET = "op://My Vault/My Item/field";
-		const mockGetVault = jest
-			.fn()
-			.mockResolvedValue({ id: "uuid-for-my-vault" });
-		const mockGetItem = jest.fn().mockResolvedValue({
-			fields: [
-				{
-					label: "field",
-					value: "secret-from-named-vault",
-					section: undefined,
-				},
-			],
-			sections: [],
-		});
-		(OnePasswordConnect as jest.Mock).mockReturnValue({
-			getVault: mockGetVault,
-			getItem: mockGetItem,
-		});
-
-		await loadSecrets(true);
-
-		expect(mockGetVault).toHaveBeenCalledWith("My Vault");
-		expect(mockGetItem).toHaveBeenCalledWith("uuid-for-my-vault", "My Item");
-		expect(core.exportVariable).toHaveBeenCalledWith(
-			"MY_SECRET",
-			"secret-from-named-vault",
-		);
-	});
-
-	it("calls getItem with vault id from getVault, not ref vault segment", async () => {
-		const mockGetVault = jest
-			.fn()
-			.mockResolvedValue({ id: "resolved-vault-id" });
-		const mockGetItem = jest.fn().mockResolvedValue({
-			fields: [
-				{ label: "field", value: "resolved-via-connect", section: undefined },
-			],
-			sections: [],
-		});
-		(OnePasswordConnect as jest.Mock).mockReturnValue({
-			getVault: mockGetVault,
-			getItem: mockGetItem,
-		});
-
-		await loadSecrets(true);
-
-		expect(mockGetVault).toHaveBeenCalledWith("vault");
-		expect(mockGetItem).toHaveBeenCalledWith("resolved-vault-id", "item");
-	});
-
-	it("rejects when getItem fails", async () => {
-		const mockGetVault = jest.fn().mockResolvedValue({ id: "vault-id-123" });
-		const mockGetItem = jest
-			.fn()
-			.mockRejectedValue(new Error("Item not found"));
-		(OnePasswordConnect as jest.Mock).mockReturnValue({
-			getVault: mockGetVault,
-			getItem: mockGetItem,
-		});
-
-		await expect(loadSecrets(true)).rejects.toThrow("Item not found");
-	});
-
-	it("resolves refs in different vaults using each vault id", async () => {
-		delete process.env.MY_SECRET;
-		process.env.SECRET_A = "op://vault-a/item1/field1";
-		process.env.SECRET_B = "op://vault-b/item2/field2";
-		const mockGetVault = jest
-			.fn()
-			.mockImplementation(async (vaultName: string) =>
-				Promise.resolve({
-					id: vaultName === "vault-a" ? "id-a" : "id-b",
-				}),
-			);
-		const mockGetItem = jest
-			.fn()
-			.mockResolvedValueOnce({
-				fields: [{ label: "field1", value: "value-a", section: undefined }],
-				sections: [],
-			})
-			.mockResolvedValueOnce({
-				fields: [{ label: "field2", value: "value-b", section: undefined }],
-				sections: [],
-			});
-		(OnePasswordConnect as jest.Mock).mockReturnValue({
-			getVault: mockGetVault,
-			getItem: mockGetItem,
-		});
-
-		await loadSecrets(true);
-
-		expect(mockGetVault).toHaveBeenCalledWith("vault-a");
-		expect(mockGetVault).toHaveBeenCalledWith("vault-b");
-		expect(mockGetItem).toHaveBeenNthCalledWith(1, "id-a", "item1");
-		expect(mockGetItem).toHaveBeenNthCalledWith(2, "id-b", "item2");
-		expect(core.exportVariable).toHaveBeenCalledWith("SECRET_A", "value-a");
-		expect(core.exportVariable).toHaveBeenCalledWith("SECRET_B", "value-b");
-	});
-
-	it("throws on invalid ref before calling Connect", async () => {
-		delete process.env.MY_SECRET;
-		process.env.BAD_REF = "op://x";
-		const mockGetVault = jest.fn();
-		const mockGetItem = jest.fn();
-		(OnePasswordConnect as jest.Mock).mockReturnValue({
-			getVault: mockGetVault,
-			getItem: mockGetItem,
-		});
-
-		await expect(loadSecrets(true)).rejects.toThrow(/invalid|reference/i);
-		expect(mockGetVault).not.toHaveBeenCalled();
-		expect(mockGetItem).not.toHaveBeenCalled();
-	});
-
 	describe("core.exportVariable", () => {
 		it("is called when shouldExportEnv is true", async () => {
 			await loadSecrets(true);

-			expect(core.exportVariable).toHaveBeenCalledTimes(2);
-			expect(core.exportVariable).toHaveBeenCalledWith(
-				"MY_SECRET",
-				"resolved-via-connect",
-			);
-			expect(core.exportVariable).toHaveBeenCalledWith(
-				envManagedVariables,
-				"MY_SECRET",
-			);
+			expect(core.exportVariable).toHaveBeenCalledTimes(1);
 		});

 		it("is not called when shouldExportEnv is false", async () => {
@@ -388,199 +175,6 @@ describe("loadSecrets when using Connect", () => {
 	});
 });

-describe("loadSecrets when using Service Account", () => {
-	const mockResolve = jest.fn();
-
-	beforeEach(() => {
-		process.env[envConnectHost] = "";
-		process.env[envConnectToken] = "";
-		process.env[envServiceAccountToken] = "ops_token";
-
-		Object.keys(process.env).forEach((key) => {
-			if (
-				typeof process.env[key] === "string" &&
-				process.env[key]?.startsWith("op://")
-			) {
-				delete process.env[key];
-			}
-		});
-		process.env.MY_SECRET = "op://vault/item/field";
-
-		(createClient as jest.Mock).mockResolvedValue({
-			secrets: { resolve: mockResolve },
-		});
-
-		mockResolve.mockResolvedValue("resolved-secret-value");
-	});
-
-	it("does not call op env ls when using Service Account", async () => {
-		await loadSecrets(false);
-		expect(exec.getExecOutput).not.toHaveBeenCalled();
-	});
-
-	it("sets step output with resolved value when export-env is false", async () => {
-		await loadSecrets(false);
-		expect(core.setOutput).toHaveBeenCalledTimes(1);
-		expect(core.setOutput).toHaveBeenCalledWith(
-			"MY_SECRET",
-			"resolved-secret-value",
-		);
-	});
-
-	it("masks secret with setSecret when export-env is false", async () => {
-		await loadSecrets(false);
-		expect(core.setSecret).toHaveBeenCalledTimes(1);
-		expect(core.setSecret).toHaveBeenCalledWith("resolved-secret-value");
-	});
-
-	it("does not call exportVariable when export-env is false", async () => {
-		await loadSecrets(false);
-		expect(core.exportVariable).not.toHaveBeenCalled();
-	});
-
-	it("exports env and sets OP_MANAGED_VARIABLES when export-env is true", async () => {
-		await loadSecrets(true);
-		expect(core.exportVariable).toHaveBeenCalledWith(
-			"MY_SECRET",
-			"resolved-secret-value",
-		);
-		expect(core.exportVariable).toHaveBeenCalledWith(
-			envManagedVariables,
-			"MY_SECRET",
-		);
-	});
-
-	it("does not set step output when export-env is true", async () => {
-		await loadSecrets(true);
-		expect(core.setOutput).not.toHaveBeenCalledWith(
-			"MY_SECRET",
-			expect.anything(),
-		);
-	});
-
-	it("masks secret with setSecret when export-env is true", async () => {
-		await loadSecrets(true);
-		expect(core.setSecret).toHaveBeenCalledTimes(1);
-		expect(core.setSecret).toHaveBeenCalledWith("resolved-secret-value");
-	});
-
-	it("returns early when no env vars have op:// refs", async () => {
-		Object.keys(process.env).forEach((key) => {
-			if (
-				typeof process.env[key] === "string" &&
-				process.env[key]?.startsWith("op://")
-			) {
-				delete process.env[key];
-			}
-		});
-		await loadSecrets(true);
-		expect(exec.getExecOutput).not.toHaveBeenCalled();
-		expect(core.exportVariable).not.toHaveBeenCalled();
-	});
-
-	it("wraps createClient errors with a descriptive message", async () => {
-		(createClient as jest.Mock).mockRejectedValue(
-			new Error("invalid token format"),
-		);
-		await expect(loadSecrets(false)).rejects.toThrow(
-			"Service account authentication failed: invalid token format",
-		);
-	});
-
-	describe("multiple refs", () => {
-		const ref1 = "op://vault/item/field";
-		const ref2 = "op://vault/other/item";
-		const ref3 = "op://vault/file/secret";
-
-		beforeEach(() => {
-			process.env.MY_SECRET = ref1;
-			process.env.ANOTHER_SECRET = ref2;
-			process.env.FILE_SECRET = ref3;
-
-			mockResolve
-				.mockResolvedValueOnce("value1")
-				.mockResolvedValueOnce("value2")
-				.mockResolvedValueOnce("value3");
-		});
-
-		it("resolves each ref and sets step output for each when export-env is false", async () => {
-			await loadSecrets(false);
-
-			expect(mockResolve).toHaveBeenCalledTimes(3);
-			expect(mockResolve).toHaveBeenCalledWith(ref1);
-			expect(mockResolve).toHaveBeenCalledWith(ref2);
-			expect(mockResolve).toHaveBeenCalledWith(ref3);
-
-			expect(core.setOutput).toHaveBeenCalledTimes(3);
-			expect(core.setOutput).toHaveBeenCalledWith("MY_SECRET", "value1");
-			expect(core.setOutput).toHaveBeenCalledWith("ANOTHER_SECRET", "value2");
-			expect(core.setOutput).toHaveBeenCalledWith("FILE_SECRET", "value3");
-
-			expect(core.setSecret).toHaveBeenCalledTimes(3);
-		});
-
-		it("resolves each ref and exports each and sets OP_MANAGED_VARIABLES when export-env is true", async () => {
-			await loadSecrets(true);
-
-			expect(mockResolve).toHaveBeenCalledTimes(3);
-
-			expect(core.exportVariable).toHaveBeenCalledWith("MY_SECRET", "value1");
-			expect(core.exportVariable).toHaveBeenCalledWith(
-				"ANOTHER_SECRET",
-				"value2",
-			);
-			expect(core.exportVariable).toHaveBeenCalledWith("FILE_SECRET", "value3");
-
-			const exportVariableCalls = (core.exportVariable as jest.Mock).mock
-				.calls as [string, string][];
-			const managedVarsCall = exportVariableCalls.find(
-				([name]) => name === envManagedVariables,
-			);
-			expect(managedVarsCall).toBeDefined();
-			const managedList = (managedVarsCall as [string, string])[1].split(",");
-			expect(managedList).toContain("MY_SECRET");
-			expect(managedList).toContain("ANOTHER_SECRET");
-			expect(managedList).toContain("FILE_SECRET");
-			expect(managedList).toHaveLength(3);
-
-			expect(core.setSecret).toHaveBeenCalledTimes(3);
-		});
-	});
-
-	describe("secret reference validation", () => {
-		it("fails with clear message when a secret reference is invalid", async () => {
-			process.env.MY_SECRET = "op://x";
-			(Secrets.validateSecretReference as jest.Mock).mockImplementationOnce(
-				() => {
-					throw new Error("invalid reference format");
-				},
-			);
-
-			await expect(loadSecrets(true)).rejects.toThrow(
-				"Invalid secret reference(s): MY_SECRET",
-			);
-			expect(mockResolve).not.toHaveBeenCalled();
-		});
-
-		it("validates all refs before resolving any secrets", async () => {
-			process.env.MY_SECRET = "op://vault/item/field";
-			process.env.OTHER = "op://vault/other/item";
-			(Secrets.validateSecretReference as jest.Mock).mockImplementation(
-				(ref: string) => {
-					if (ref === "op://vault/other/item") {
-						throw new Error("invalid");
-					}
-				},
-			);
-
-			await expect(loadSecrets(false)).rejects.toThrow(
-				"Invalid secret reference(s): OTHER",
-			);
-			expect(mockResolve).not.toHaveBeenCalled();
-		});
-	});
-});
-
 describe("unsetPrevious", () => {
 	const testManagedEnv = "TEST_SECRET";
 	const testSecretValue = "MyS3cr#T";
@@ -597,360 +191,3 @@ describe("unsetPrevious", () => {
 		expect(core.exportVariable).toHaveBeenCalledWith("TEST_SECRET", "");
 	});
 });
-
-describe("findMatchingFieldAndFile", () => {
-	interface TestField {
-		id?: string;
-		label?: string;
-		value?: string | null;
-		section?: { id: string } | null | undefined;
-	}
-	interface TestFile {
-		id?: string;
-		name?: string;
-		section?: { id: string } | null | undefined;
-	}
-
-	const item = (opts: { fields?: TestField[]; files?: TestFile[] }): FullItem =>
-		({
-			fields: opts.fields ?? [],
-			files: opts.files ?? [],
-			sections: [],
-		}) as unknown as FullItem;
-
-	const find = (
-		opts: { fields?: TestField[]; files?: TestFile[] },
-		sectionIds: string[] = [],
-	) => findMatchingFieldAndFile(item(opts), "password", sectionIds);
-
-	describe("when section filter is used (sectionIds.length > 0)", () => {
-		it.each<{
-			name: string;
-			itemOpts: { fields?: TestField[]; files?: TestFile[] };
-			expected: { fieldValue?: string; fileId?: string };
-		}>([
-			{
-				name: "returns field value when one field matches query and is in ref sections",
-				itemOpts: {
-					fields: [
-						{
-							id: "f1",
-							label: "password",
-							value: "secret123",
-							section: { id: "section-1" },
-						},
-					],
-				},
-				expected: { fieldValue: "secret123" },
-			},
-			{
-				name: "returns file id when one file matches query and is in ref sections",
-				itemOpts: {
-					files: [
-						{
-							id: "file-uuid",
-							name: "password",
-							section: { id: "section-1" },
-						},
-					],
-				},
-				expected: { fileId: "file-uuid" },
-			},
-			{
-				name: "returns empty object when no field or file matches",
-				itemOpts: {
-					fields: [
-						{ label: "other", value: "x", section: { id: "section-1" } },
-					],
-					files: [],
-				},
-				expected: {},
-			},
-			{
-				name: "returns field value when field matches by id",
-				itemOpts: {
-					fields: [
-						{
-							id: "password",
-							label: "Password Label",
-							value: "secret-by-id",
-							section: { id: "section-1" },
-						},
-					],
-				},
-				expected: { fieldValue: "secret-by-id" },
-			},
-		])("$name", ({ itemOpts, expected }) => {
-			expect(find(itemOpts, ["section-1"])).toEqual(expected);
-		});
-
-		it.each<{
-			name: string;
-			itemOpts: { fields?: TestField[]; files?: TestFile[] };
-			error: RegExp;
-		}>([
-			{
-				name: "throws when multiple fields match",
-				itemOpts: {
-					fields: [
-						{ label: "password", value: "a", section: { id: "section-1" } },
-						{ label: "password", value: "b", section: { id: "section-1" } },
-					],
-				},
-				error: /Multiple matches/,
-			},
-			{
-				name: "throws when multiple files match",
-				itemOpts: {
-					files: [
-						{ id: "id1", name: "password", section: { id: "section-1" } },
-						{ id: "id2", name: "password", section: { id: "section-1" } },
-					],
-				},
-				error: /Multiple matches/,
-			},
-			{
-				name: "throws when both a field and a file match",
-				itemOpts: {
-					fields: [
-						{ label: "password", value: "v", section: { id: "section-1" } },
-					],
-					files: [
-						{ id: "fid", name: "password", section: { id: "section-1" } },
-					],
-				},
-				error: /Both a field and a file match/,
-			},
-			{
-				name: "throws when field has no value",
-				itemOpts: {
-					fields: [
-						{ label: "password", value: null, section: { id: "section-1" } },
-					],
-				},
-				error: /has no value/,
-			},
-		])("$name", ({ itemOpts, error }) => {
-			expect(() => find(itemOpts, ["section-1"])).toThrow(error);
-		});
-	});
-
-	describe("when no section filter (sectionIds.length === 0)", () => {
-		const sectionIds: string[] = [];
-
-		it.each<{
-			name: string;
-			itemOpts: { fields?: TestField[]; files?: TestFile[] };
-			expected: { fieldValue?: string; fileId?: string };
-		}>([
-			{
-				name: "returns field value when one field has no section and matches query",
-				itemOpts: {
-					fields: [{ label: "password", value: "secret", section: undefined }],
-				},
-				expected: { fieldValue: "secret" },
-			},
-			{
-				name: "returns file id when one file has no section and matches query",
-				itemOpts: {
-					files: [{ id: "file-id", name: "password", section: undefined }],
-				},
-				expected: { fileId: "file-id" },
-			},
-			{
-				name: "returns field value from fallback (any section) when no field with no section matches",
-				itemOpts: {
-					fields: [
-						{ label: "other", value: "x", section: undefined },
-						{
-							label: "password",
-							value: "from-any-section",
-							section: { id: "sec" },
-						},
-					],
-				},
-				expected: { fieldValue: "from-any-section" },
-			},
-			{
-				name: "returns file id from fallback (any section) when no file with no section matches",
-				itemOpts: {
-					files: [
-						{ id: "other", name: "x", section: undefined },
-						{ id: "file-any", name: "password", section: { id: "sec" } },
-					],
-				},
-				expected: { fileId: "file-any" },
-			},
-			{
-				name: "returns empty object when no match",
-				itemOpts: {
-					fields: [{ label: "other", value: "x", section: undefined }],
-					files: [],
-				},
-				expected: {},
-			},
-		])("$name", ({ itemOpts, expected }) => {
-			expect(find(itemOpts, sectionIds)).toEqual(expected);
-		});
-
-		it.each<{
-			name: string;
-			itemOpts: { fields?: TestField[]; files?: TestFile[] };
-			error: RegExp;
-		}>([
-			{
-				name: "throws when multiple fields with no section match",
-				itemOpts: {
-					fields: [
-						{ label: "password", value: "a", section: undefined },
-						{ label: "password", value: "b", section: undefined },
-					],
-				},
-				error: /Multiple matches/,
-			},
-			{
-				name: "throws when multiple files with no section match",
-				itemOpts: {
-					files: [
-						{ id: "1", name: "password", section: undefined },
-						{ id: "2", name: "password", section: undefined },
-					],
-				},
-				error: /Multiple matches/,
-			},
-			{
-				name: "throws when both field and file match",
-				itemOpts: {
-					fields: [{ label: "password", value: "value", section: undefined }],
-					files: [{ id: "fid", name: "password", section: undefined }],
-				},
-				error: /Both a field and a file match/,
-			},
-		])("$name", ({ itemOpts, error }) => {
-			expect(() => find(itemOpts, sectionIds)).toThrow(error);
-		});
-	});
-});
-
-describe("findSectionIdsByQuery", () => {
-	it("throws when sections is empty", () => {
-		expect(() => findSectionIdsByQuery([], "section-1")).toThrow(
-			/Item has no sections; cannot resolve section "section-1"/,
-		);
-	});
-
-	it("throws when sections is null/undefined", () => {
-		expect(() =>
-			findSectionIdsByQuery(undefined as unknown as FullItem["sections"], "x"),
-		).toThrow(/Item has no sections; cannot resolve section "x"/);
-	});
-
-	it("throws when section query matches no section", () => {
-		const sections = [{ id: "sec-1", label: "Other" }];
-		expect(() =>
-			findSectionIdsByQuery(sections as FullItem["sections"], "nonexistent"),
-		).toThrow(/No section matching "nonexistent" found in specified item/);
-	});
-
-	it("returns section id when section matches by label", () => {
-		const sections = [{ id: "sec-1", label: "My Section" }];
-		expect(
-			findSectionIdsByQuery(sections as FullItem["sections"], "My Section"),
-		).toEqual(["sec-1"]);
-	});
-
-	it("throws when section query matches no section", () => {
-		const sections = [{ id: "sec-1", label: "Other" }];
-		expect(() =>
-			findSectionIdsByQuery(sections as FullItem["sections"], "nonexistent"),
-		).toThrow(/No section matching "nonexistent" found in specified item/);
-	});
-
-	it("returns multiple ids when multiple sections match", () => {
-		const sections = [
-			{ id: "sec-1", label: "A" },
-			{ id: "sec-2", label: "A" },
-		];
-		expect(
-			findSectionIdsByQuery(sections as FullItem["sections"], "A"),
-		).toEqual(["sec-1", "sec-2"]);
-	});
-});
-
-describe("parseOpRef", () => {
-	it("parses 3-segment ref (vault/item/field)", () => {
-		expect(parseOpRef("op://vault/item/field")).toEqual({
-			vault: "vault",
-			item: "item",
-			field: "field",
-			section: undefined,
-		});
-	});
-
-	it("parses 4-segment ref (vault/item/section/field)", () => {
-		expect(parseOpRef("op://vault/item/MySection/password")).toEqual({
-			vault: "vault",
-			item: "item",
-			section: "MySection",
-			field: "password",
-		});
-	});
-
-	it("decodes URI-encoded segments", () => {
-		expect(parseOpRef("op://my%20vault/my%20item/field")).toEqual({
-			vault: "my vault",
-			item: "my item",
-			field: "field",
-			section: undefined,
-		});
-	});
-
-	it("throws when ref does not start with op://", () => {
-		expect(() => parseOpRef("invalid-ref")).toThrow(
-			/Invalid op reference: invalid-ref/,
-		);
-	});
-
-	it("throws when segment count is invalid", () => {
-		expect(() => parseOpRef("op://vault/item")).toThrow(
-			/use op:\/\/<vault>\/<item>\/<field>/,
-		);
-		expect(() => parseOpRef("op://a/b/c/d/e")).toThrow(
-			/use op:\/\/<vault>\/<item>\/<field>/,
-		);
-	});
-
-	it("throws when vault or item or field is empty", () => {
-		expect(() => parseOpRef("op:///item/field")).toThrow(/vault is required/);
-		expect(() => parseOpRef("op://vault//field")).toThrow(/item is required/);
-		expect(() => parseOpRef("op://vault/item/")).toThrow(/field is required/);
-	});
-
-	it("throws when 4-segment ref has empty section", () => {
-		expect(() => parseOpRef("op://vault/item//field")).toThrow(
-			/section is required when using 4 path segments/,
-		);
-	});
-
-	it("throws when last segment is empty (trailing slash)", () => {
-		expect(() => parseOpRef("op://vault/item/field/")).toThrow(
-			/field is required/,
-		);
-	});
-});
-
-describe("getEnvVarNamesWithSecretRefs", () => {
-	it("returns only env var names whose value is a string starting with op://", () => {
-		process.env.OP_REF = "op://vault/item/field";
-		process.env.NOT_OP_REF = "https://example.com";
-		process.env.EMPTY_REF = "";
-		process.env.OP_REF_OTHER = "op://other/vault/item/secret";
-
-		const result = getEnvVarNamesWithSecretRefs();
-
-		expect(result).toContain("OP_REF");
-		expect(result).toContain("OP_REF_OTHER");
-		expect(result).not.toContain("NOT_OP_REF");
-		expect(result).not.toContain("EMPTY_REF");
-	});
-});
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -1,7 +1,6 @@
 import * as core from "@actions/core";
-import { read } from "@1password/op-js";
-import { createClient, Secrets } from "@1password/sdk";
-import { OnePasswordConnect, FullItem, OPConnect } from "@1password/connect";
+import * as exec from "@actions/exec";
+import { read, setClientInfo, semverToInt } from "@1password/op-js";
 import { version } from "../package.json";
 import {
 	authErr,
@@ -11,317 +10,6 @@ import {
 	envManagedVariables,
 } from "./constants";

-// #region Op ref parsing
-interface ParsedOpRef {
-	vault: string;
-	item: string;
-	section: string | undefined;
-	field: string;
-}
-
-export const parseOpRef = (ref: string): ParsedOpRef => {
-	// Safety check: refs are validated by validateSecretRefs before this runs
-	// this guards against parseOpRef being called directly with invalid input
-	if (!ref.startsWith("op://")) {
-		throw new Error(`Invalid op reference: ${ref}`);
-	}
-
-	const segments = ref
-		.slice("op://".length)
-		.split("/")
-		.map((s) => decodeURIComponent(s));
-
-	if (segments.length < 3 || segments.length > 4) {
-		throw new Error(
-			`Invalid op reference: use op://<vault>/<item>/<field> or op://<vault>/<item>/<section>/<field>. Got: ${ref}`,
-		);
-	}
-
-	const vault = segments[0] ?? "";
-	if (!vault) {
-		throw new Error(`Invalid op reference: vault is required`);
-	}
-
-	const item = segments[1] ?? "";
-	if (!item) {
-		throw new Error(`Invalid op reference: item is required`);
-	}
-
-	// Last segment is always the field
-	const field = segments[segments.length - 1] ?? "";
-	if (!field) {
-		throw new Error(`Invalid op reference: field is required`);
-	}
-
-	// Second to last segment is the section if it exists
-	let section: string | undefined;
-	if (segments.length === 4) {
-		section = segments[2];
-		if (!section) {
-			throw new Error(
-				`Invalid op reference: section is required when using 4 path segments`,
-			);
-		}
-	}
-
-	return {
-		vault,
-		item,
-		field,
-		section,
-	};
-};
-// #endregion
-
-// #region Connect item resolution
-const getSecretFromConnectItem = async (
-	client: OPConnect,
-	item: FullItem,
-	parsed: ParsedOpRef,
-): Promise<string> => {
-	const sectionIds = parsed.section
-		? findSectionIdsByQuery(item.sections, parsed.section)
-		: [];
-	const { fieldValue, fileId } = findMatchingFieldAndFile(
-		item,
-		parsed.field,
-		sectionIds,
-	);
-
-	if (fieldValue !== undefined) {
-		return fieldValue;
-	}
-
-	if (fileId) {
-		return getFileContentWithRetry(client, parsed.vault, parsed.item, fileId);
-	}
-
-	if (parsed.section) {
-		throw new Error(
-			`could not find field or file ${parsed.field} in section ${parsed.section} on item ${parsed.item} in vault ${parsed.vault}`,
-		);
-	}
-
-	throw new Error(
-		`could not find field or file ${parsed.field} on item ${parsed.item} in vault ${parsed.vault}`,
-	);
-};
-
-const getFileContentWithRetry = async (
-	client: OPConnect,
-	vaultId: string,
-	itemId: string,
-	fileId: string,
-): Promise<string> => {
-	const maxAttempts = 3;
-	const retryDelayMs = 2000;
-	for (let attempt = 1; attempt <= maxAttempts; attempt++) {
-		try {
-			return await client.getFileContent(vaultId, itemId, fileId);
-		} catch (err) {
-			// Retry on 503 errors as this can happen on multiple secret fetches
-			const is503 =
-				err !== null &&
-				typeof err === "object" &&
-				(err as Record<string, unknown>).statusCode === 503;
-			if (is503 && attempt < maxAttempts) {
-				await new Promise((r) => setTimeout(r, retryDelayMs));
-				continue;
-			}
-			throw err;
-		}
-	}
-	return "";
-};
-
-export const findSectionIdsByQuery = (
-	sections: FullItem["sections"],
-	sectionQuery: string | undefined,
-): string[] => {
-	// If no sections were returned with the item throw an error
-	if (!sections || sections.length === 0) {
-		throw new Error(
-			`Item has no sections; cannot resolve section "${sectionQuery}"`,
-		);
-	}
-
-	const ids = sections
-		.filter((s) => s.id === sectionQuery || s.label === sectionQuery)
-		.flatMap((s) => (s.id ? [s.id] : []));
-
-	// If no sections were found with the given query throw an error
-	if (ids.length === 0) {
-		throw new Error(
-			`No section matching "${sectionQuery}" found in specified item`,
-		);
-	}
-
-	return ids;
-};
-
-export const findMatchingFieldAndFile = (
-	item: FullItem,
-	fieldOrFileQuery: string,
-	sectionIds: string[],
-): { fieldValue?: string; fileId?: string } => {
-	// Get the fields/files from the item and check if the ref has a section filter
-	const fields = item.fields ?? [];
-	const files = item.files ?? [];
-	const sectionFilter = sectionIds.length > 0;
-
-	const fieldMatchesQuery = (f: (typeof fields)[0]) =>
-		f.id === fieldOrFileQuery || f.label === fieldOrFileQuery;
-	const fileMatchesQuery = (f: (typeof files)[0]) =>
-		f.id === fieldOrFileQuery || f.name === fieldOrFileQuery;
-
-	let matchedField: (typeof fields)[0] | undefined;
-	let matchedFile: (typeof files)[0] | undefined;
-
-	if (sectionFilter) {
-		// If the ref has a section filter only accept matches inside the referenced sections
-		const matchingFields = fields.filter((f) => {
-			const sectionId = f.section?.id;
-			const inRefSections =
-				sectionId !== null &&
-				sectionId !== undefined &&
-				sectionIds.includes(sectionId);
-			return fieldMatchesQuery(f) && inRefSections;
-		});
-		matchedField = findSingleMatch(matchingFields);
-
-		const matchingFiles = files.filter((f) => {
-			const sectionId = f.section?.id;
-			const inRefSections =
-				sectionId !== null &&
-				sectionId !== undefined &&
-				sectionIds.includes(sectionId);
-			return fileMatchesQuery(f) && inRefSections;
-		});
-		matchedFile = findSingleMatch(matchingFiles);
-	} else {
-		// If the ref has no section filter search for matches with no section
-		const matchingFields = fields.filter((f) => {
-			const hasNoSection =
-				f.section?.id === null || f.section?.id === undefined;
-			return fieldMatchesQuery(f) && hasNoSection;
-		});
-		matchedField = findSingleMatch(matchingFields);
-
-		// If no matches were found with no section, search for matches in any section
-		if (!matchedField) {
-			const matchingFieldsInAnySection = fields.filter(fieldMatchesQuery);
-			matchedField = findSingleMatch(matchingFieldsInAnySection);
-		}
-
-		const matchingFiles = files.filter((f) => {
-			const hasNoSection =
-				f.section?.id === null || f.section?.id === undefined;
-			return fileMatchesQuery(f) && hasNoSection;
-		});
-		matchedFile = findSingleMatch(matchingFiles);
-
-		if (!matchedFile) {
-			const matchingFilesInAnySection = files.filter(fileMatchesQuery);
-			matchedFile = findSingleMatch(matchingFilesInAnySection);
-		}
-	}
-
-	if (matchedField && matchedFile) {
-		throw new Error(
-			`Both a field and a file match "${fieldOrFileQuery}". Rename one or use the ID in your op:// reference.`,
-		);
-	}
-
-	if (matchedField) {
-		if (matchedField.value === undefined || matchedField.value === null) {
-			throw new Error(
-				`field ${fieldOrFileQuery} has no value in specified item`,
-			);
-		}
-		return { fieldValue: matchedField.value };
-	}
-
-	if (matchedFile?.id) {
-		return { fileId: matchedFile.id };
-	}
-
-	return {};
-};
-
-const findSingleMatch = <T>(matches: T[]): T | undefined => {
-	if (matches.length > 1) {
-		throw new Error(
-			"Multiple matches found. Rename one or use an ID in your op:// reference.",
-		);
-	}
-	return matches[0];
-};
-
-const createConnectClient = (host: string, token: string): OPConnect => {
-	try {
-		return OnePasswordConnect({
-			// eslint-disable-next-line @typescript-eslint/naming-convention
-			serverURL: host,
-			token,
-		});
-	} catch (err) {
-		const message = err instanceof Error ? err.message : String(err);
-		throw new Error(`Connect authentication failed: ${message}`);
-	}
-};
-// #endregion
-
-// #region Shared helpers and auth
-export const getEnvVarNamesWithSecretRefs = (): string[] =>
-	Object.keys(process.env).filter(
-		(key) =>
-			typeof process.env[key] === "string" &&
-			process.env[key]?.startsWith("op://"),
-	);
-
-const validateSecretRefs = (envNames: string[]): void => {
-	const invalid: { name: string; message: string }[] = [];
-
-	for (const envName of envNames) {
-		const ref = process.env[envName];
-		if (!ref) {
-			continue;
-		}
-
-		try {
-			Secrets.validateSecretReference(ref);
-		} catch (err) {
-			const message = err instanceof Error ? err.message : String(err);
-			invalid.push({ name: envName, message });
-		}
-	}
-
-	// Throw an error if any secret references are invalid
-	if (invalid.length > 0) {
-		const details = invalid
-			.map(({ name, message }) => `${name}: ${message}`)
-			.join("; ");
-		throw new Error(`Invalid secret reference(s): ${details}`);
-	}
-};
-
-const setResolvedSecret = (
-	envName: string,
-	secretValue: string,
-	shouldExportEnv: boolean,
-): void => {
-	core.info(`Populating variable: ${envName}`);
-
-	if (shouldExportEnv) {
-		core.exportVariable(envName, secretValue);
-	} else {
-		core.setOutput(envName, secretValue);
-	}
-	if (secretValue) {
-		core.setSecret(secretValue);
-	}
-};
-
 export const validateAuth = (): void => {
 	const isConnect = process.env[envConnectHost] && process.env[envConnectToken];
 	const isServiceAccount = process.env[envServiceAccountToken];
@@ -345,6 +33,8 @@ export const extractSecret = (
 	envName: string,
 	shouldExportEnv: boolean,
 ): void => {
+	core.info(`Populating variable: ${envName}`);
+
 	const ref = process.env[envName];
 	if (!ref) {
 		return;
@@ -355,7 +45,42 @@ export const extractSecret = (
 		return;
 	}

-	setResolvedSecret(envName, secretValue, shouldExportEnv);
+	if (shouldExportEnv) {
+		core.exportVariable(envName, secretValue);
+	} else {
+		core.setOutput(envName, secretValue);
+	}
+	// Skip setSecret for empty strings to avoid the warning:
+	// "Can't add secret mask for empty string in ##[add-mask] command."
+	if (secretValue) {
+		core.setSecret(secretValue);
+	}
+};
+
+export const loadSecrets = async (shouldExportEnv: boolean): Promise<void> => {
+	// Pass User-Agent Information to the 1Password CLI
+	setClientInfo({
+		name: "1Password GitHub Action",
+		id: "GHA",
+		build: semverToInt(version),
+	});
+
+	// Load secrets from environment variables using 1Password CLI.
+	// Iterate over them to find 1Password references, extract the secret values,
+	// and make them available in the next steps either as step outputs or as environment variables.
+	const res = await exec.getExecOutput(`sh -c "op env ls"`);
+
+	if (res.stdout === "") {
+		return;
+	}
+
+	const envs = res.stdout.replace(/\n+$/g, "").split(/\r?\n/);
+	for (const envName of envs) {
+		extractSecret(envName, shouldExportEnv);
+	}
+	if (shouldExportEnv) {
+		core.exportVariable(envManagedVariables, envs.join());
+	}
 };

 export const unsetPrevious = (): void => {
@@ -368,138 +93,3 @@ export const unsetPrevious = (): void => {
 		}
 	}
 };
-
-const fetchVaultId = async (
-	client: OPConnect,
-	vaultQuery: string,
-	ref: string,
-	vaultIdCache: Map<string, string>,
-): Promise<string> => {
-	// Check if the vault ID is already cached to avoid unnecessary API calls
-	const cached = vaultIdCache.get(vaultQuery);
-	if (cached !== undefined) {
-		return cached;
-	}
-
-	const vault = await client.getVault(vaultQuery);
-	if (!vault.id) {
-		throw new Error(
-			`Could not find valid vault "${vaultQuery}" for ref "${ref}"`,
-		);
-	}
-
-	vaultIdCache.set(vaultQuery, vault.id);
-	return vault.id;
-};
-// #endregion
-
-// #region Load secrets
-// Connect loads secrets via the Connect JS SDK
-const loadSecretsViaConnect = async (
-	shouldExportEnv: boolean,
-): Promise<void> => {
-	const envs = getEnvVarNamesWithSecretRefs();
-	if (envs.length === 0) {
-		return;
-	}
-
-	validateSecretRefs(envs);
-
-	const host = process.env[envConnectHost];
-	const token = process.env[envConnectToken];
-	if (!host || !token) {
-		throw new Error(authErr);
-	}
-
-	const client = createConnectClient(host, token);
-	const vaultIdCache = new Map<string, string>();
-
-	for (const envName of envs) {
-		const ref = process.env[envName];
-		if (!ref) {
-			continue;
-		}
-
-		try {
-			// Parse the op ref and get the item from the Connect SDK
-			const parsed = parseOpRef(ref);
-
-			const vaultId = await fetchVaultId(
-				client,
-				parsed.vault,
-				ref,
-				vaultIdCache,
-			);
-			const item = await client.getItem(vaultId, parsed.item);
-
-			// Get the secret value from the item as Connect returns a full item object
-			const secretValue = await getSecretFromConnectItem(client, item, parsed);
-			setResolvedSecret(envName, secretValue, shouldExportEnv);
-		} catch (err) {
-			const msg = err instanceof Error ? err.message : String(err);
-			throw new Error(`Failed to load ref "${ref}": ${msg}`);
-		}
-	}
-
-	if (shouldExportEnv) {
-		core.exportVariable(envManagedVariables, envs.join());
-	}
-};
-
-// Service Account loads secrets via the 1Password SDK
-const loadSecretsViaServiceAccount = async (
-	shouldExportEnv: boolean,
-): Promise<void> => {
-	const envs = getEnvVarNamesWithSecretRefs();
-	if (envs.length === 0) {
-		return;
-	}
-
-	validateSecretRefs(envs);
-
-	const token = process.env[envServiceAccountToken];
-	if (!token) {
-		throw new Error(authErr);
-	}
-
-	// Authenticate with the 1Password SDK
-	let client;
-	try {
-		client = await createClient({
-			auth: token,
-			integrationName: "1Password GitHub Action",
-			integrationVersion: version,
-		});
-	} catch (err) {
-		const message = err instanceof Error ? err.message : String(err);
-		throw new Error(`Service account authentication failed: ${message}`);
-	}
-
-	for (const envName of envs) {
-		const ref = process.env[envName];
-		if (!ref) {
-			continue;
-		}
-
-		// Resolve the secret value using the 1Password SDK
-		// and make it available either as step outputs or as environment variables
-		const secretValue = await client.secrets.resolve(ref);
-		setResolvedSecret(envName, secretValue, shouldExportEnv);
-	}
-
-	if (shouldExportEnv) {
-		core.exportVariable(envManagedVariables, envs.join());
-	}
-};
-
-export const loadSecrets = async (shouldExportEnv: boolean): Promise<void> => {
-	const isConnect = process.env[envConnectHost] && process.env[envConnectToken];
-
-	if (isConnect) {
-		await loadSecretsViaConnect(shouldExportEnv);
-		return;
-	}
-
-	await loadSecretsViaServiceAccount(shouldExportEnv);
-};
-// #endregion
--- a/tests/assert-env-set.sh
+++ b/tests/assert-env-set.sh
@@ -10,9 +10,6 @@ assert_env_equals() {
 }

 readonly SECRET="RGVhciBzZWN1cml0eSByZXNlYXJjaGVyLCB0aGlzIGlzIGp1c3QgYSBkdW1teSBzZWNyZXQuIFBsZWFzZSBkb24ndCByZXBvcnQgaXQu"
-readonly FILE_SECRET_CONTENT="This is a test"
-readonly DOUBLE_SECTION_SECRET_CONTENT="test-password"
-
 MULTILINE_SECRET="$(cat << EOF
 -----BEGIN PRIVATE KEY-----
 RGVhciBzZWN1cml0eSByZXNlYXJjaGVyLApXaGls
@@ -37,9 +34,4 @@ assert_env_equals "SECRET_IN_SECTION" "${SECRET}"
 assert_env_equals "FILE_SECRET_IN_SECTION" "${SECRET}"

 assert_env_equals "MULTILINE_SECRET" "${MULTILINE_SECRET}"
-assert_env_equals "FILE_MULTILINE_SECRET" "${MULTILINE_SECRET}"
-
-assert_env_equals "SECRET_WITH_FILE" "${FILE_SECRET_CONTENT}"
-assert_env_equals "SECRET_WITH_FILE_IN_SECTION" "${FILE_SECRET_CONTENT}"
-
-assert_env_equals "DOUBLE_SECTION_SECRET" "${DOUBLE_SECTION_SECRET_CONTENT}"
+assert_env_equals "FILE_MULTILINE_SECRET" "${MULTILINE_SECRET}"
--- a/tests/assert-env-unset.sh
+++ b/tests/assert-env-unset.sh
@@ -17,7 +17,3 @@ assert_env_unset "FILE_SECRET_IN_SECTION"

 assert_env_unset "MULTILINE_SECRET"
 assert_env_unset "FILE_MULTILINE_SECRET"
-
-assert_env_unset "SECRET_WITH_FILE"
-assert_env_unset "SECRET_WITH_FILE_IN_SECTION"
-assert_env_unset "DOUBLE_SECTION_SECRET"
--- a/tests/assert-invalid-ref-failed.sh
+++ b/tests/assert-invalid-ref-failed.sh
@@ -1,7 +0,0 @@
-#!/bin/bash
-set -e
-if [ "$STEP_OUTCOME" != "failure" ]; then
-  echo "Expected action to fail on invalid ref, got: $STEP_OUTCOME"
-  exit 1
-fi
-echo "Action correctly failed on invalid ref"
Author	SHA1	Message	Date
Jill Regan	dafbe7cb03	Merge pull request #146 from 1Password/release/v3.2.1 Prepare Release v3.2.1	2026-03-02 19:32:56 -05:00
Jill Regan	7f98afc2d7	Remove binary	2026-03-02 19:13:10 -05:00
Jill Regan	9cdab8f59d	create new build	2026-03-02 19:03:41 -05:00
Jill Regan	6a14785fa5	Merge pull request #145 from 1Password/revert-pr-137 Rollback Migration to SDK with Service Account	2026-03-02 19:01:19 -05:00
Jill Regan	7d4e24a43f	Revert "Merge pull request #137 from 1Password/feature/migrate-to-sdk" This reverts commit `38b333095d`, reversing changes made to `652d567877`.	2026-03-02 18:41:50 -05:00
Jill Regan	cb7c5acc8a	Merge pull request #143 from 1Password/release/v3.2.0 Prepare Release/v3.2.0	2026-03-02 15:21:21 -05:00
Jill Regan	ea49b14f1e	Rebuild	2026-03-02 14:05:27 -05:00
Jill Regan	93abacc9df	Fix version	2026-03-02 14:03:42 -05:00
Jill Regan	40e52b6cef	Update version and build	2026-03-02 08:41:29 -05:00
Jill Regan	38b333095d	Merge pull request #137 from 1Password/feature/migrate-to-sdk feat: migrate service account ot use 1Password sdk	2026-02-27 14:13:44 -05:00
Jill Regan	5b2af23419	remove version	2026-02-27 11:34:19 -05:00
Jill Regan	652d567877	Merge pull request #141 from 1Password/fix/upgrade-actions-toolkit Upgrade actions toolkit	2026-02-27 10:51:00 -05:00
Jill Regan	ee92e1fd32	Update dist	2026-02-26 08:18:20 -05:00
Jill Regan	d688c27248	Update actions/exec	2026-02-26 08:14:16 -05:00
Jill Regan	a312828d43	switch to common js	2026-02-25 08:44:00 -05:00
Jill Regan	e6b45e828c	remove require statement	2026-02-24 10:44:26 -05:00
Jill Regan	639ddd6614	Update build configure	2026-02-24 09:51:56 -05:00
Jill Regan	e5d7353d74	use module exports	2026-02-24 09:40:54 -05:00
Jill Regan	a665f2c1ab	Merge pull request #135 from 1Password/jill/validate-secret-reference Add secret ref validation	2026-02-23 11:42:24 -05:00
Jill Regan	485265b41c	Upgrade actions toolkit	2026-02-22 12:50:32 -05:00