From 3a9100e7d5f585082d1a6d018b60d9a734a61aee Mon Sep 17 00:00:00 2001 From: Max Coulombe <109547106+maxcoulombe@users.noreply.github.com> Date: Thu, 2 Mar 2023 16:06:42 -0500 Subject: [PATCH] Enhanced "Example Usage" section (#435) +added documentation on how to use the retrieved secrets + added an example of converting the vault-action outputs to json * fix e2e test setup --- README.md | 34 ++++++++++++++++++++++++++++++++++ integrationTests/e2e/setup.js | 2 +- 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c2a6c7f8..f01a0593 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,7 @@ jobs: steps: # ... - name: Import Secrets + id: import-secrets uses: hashicorp/vault-action@v2 with: url: https://vault.mycompany.com:8200 @@ -56,6 +57,39 @@ jobs: # ... ``` +Retrieved secrets are available as environment variables or outputs for subsequent steps: +```yaml +#... + - name: Step following 'Import Secrets' + run: | + ACCESS_KEY_ID = "${{ env.AWS_ACCESS_KEY_ID }}" + SECRET_ACCESS_KEY = "${{ steps.import-secrets.outputs.AWS_SECRET_ACCESS_KEY }}" + # ... +``` + +If your project needs a format other than env vars and step outputs, you can use additional steps to transform them into the desired format. +For example, a common pattern is to save all the secrets in a JSON file: +```yaml +#... + - name: Step following 'Import Secrets' + run: | + touch secrets.json + echo "${{ toJson(steps.import-secrets.outputs) }}" >> secrets.json + # ... +``` + +Which with our example would yield a file containing: +```json +{ + "ACCESS_KEY_ID": "MY_KEY_ID", + "SECRET_ACCESS_KEY": "MY_SECRET_KEY", + "NPM_TOKEN": "MY_NPM_TOKEN" +} +``` + +Note that all secrets are masked so programs need to read the file themselves otherwise all values will be replaced with a `***` placeholder. + + ## Authentication Methods Consider using a [Vault authentication method](https://www.vaultproject.io/docs/auth) such as the JWT auth method with 
diff --git a/integrationTests/e2e/setup.js b/integrationTests/e2e/setup.js
index 6e84e72d..846a9ed7 100644
--- a/integrationTests/e2e/setup.js
+++ b/integrationTests/e2e/setup.js
@@ -1,7 +1,7 @@
 const got = require('got');
 const vaultUrl = `${process.env.VAULT_HOST}:${process.env.VAULT_PORT}`;
-const vaultToken = `${process.env.VAULT_TOKEN || 'testtoken'}`
+const vaultToken = `${process.env.VAULT_TOKEN}` === undefined ? `${process.env.VAULT_TOKEN}` : "testtoken";
 (async () => {
 try {
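Review bot: The new `vaultToken` line can never pick up `VAULT_TOKEN`, because a template literal always evaluates to a string, so `` `${process.env.VAULT_TOKEN}` === undefined `` is always false and the ternary always yields `"testtoken"`. The branches are also inverted: if the condition could be true, it would return the undefined value instead of the fallback. As written, the e2e setup always uses the hard-coded token whatever the environment supplies. Test the variable itself rather than its interpolation, e.g. `const vaultToken = process.env.VAULT_TOKEN || 'testtoken';`, which also falls back when the variable is set but empty. The async IIFE that consumes the token continues outside the hunk, so how the token is sent is not visible here.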