diff --git a/action.yml b/action.yml
index c0ca69b..d9bd432 100644
--- a/action.yml
+++ b/action.yml
@@ -22,6 +22,9 @@ inputs:
 description: 'Infisical Instance URL'
 default: 'https://infisical.lemarechal.eu'
 required: false
+ secrets:
+ description: 'Comma-separated list of secrets to fetch (e.g. "DISCORD_TOKEN,API_KEY"). If empty, fetches all.'
+ required: false
 runs:
 using: "composite"
@@ -84,7 +87,28 @@ runs:
 # 4. Injection
 echo "Injecting secrets into Gitea Environment..."
+
+ # Prepare filter list (add commas to start/end makes matching "key" against ",key1,key2," easier)
+ FILTER_LIST="${{ inputs.secrets }}"
+ if [ -n "$FILTER_LIST" ]; then
+ # Remove spaces
+ FILTER_LIST=$(echo "$FILTER_LIST" | tr -d ' ')
+ # Surround with commas for exact match check
+ FILTER_LIST=",$FILTER_LIST,"
+ echo "Filtering for secrets: ${{ inputs.secrets }}"
+ fi
+
 echo "$SECRETS_RESPONSE" | jq -r 'if .secrets then .secrets[] | "\(.secretKey)=\(.secretValue)" else to_entries[] | "\(.key)=\(.value)" end' | while read -r line; do
+ key=$(echo "$line" | cut -d'=' -f1)
+
+ # Apply filter if set
+ if [ -n "$FILTER_LIST" ]; then
+ if [[ "$FILTER_LIST" != *",$key,"* ]]; then
+ # echo "Skipping $key (not in allowlist)"
+ continue
+ fi
+ fi
+
 # Securely append to GITEA_ENV (using the environment file pattern if available, or simpler export approach)
 # Gitea Actions uses $GITHUB_ENV / $GITEA_ENV file pattern.
 echo "$line" >> $GITEA_ENV
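Review bot: The description of the new `secrets` input says the list controls what is fetched, but the filter in the second hunk runs on `$SECRETS_RESPONSE` after the response has already been retrieved. Unless the request (outside this diff) is narrowed too, every secret still reaches the runner and only the export is limited. I would reword it to `description: 'Comma-separated list of secret names to export (e.g. "DISCORD_TOKEN,API_KEY"). If empty, exports all.'` and add `default: ''` so the empty case is explicit. Because omitting the input keeps the export-everything behaviour, callers only get least privilege when they opt in, which the action's documentation should state.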
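Review bot: `FILTER_LIST="${{ inputs.secrets }}"` and `echo "Filtering for secrets: ${{ inputs.secrets }}"` splice the input into the script text before the shell parses it, so a value containing a quote or `$(...)` is executed as shell code in the same step that holds the fetched secrets. Pass it as data instead: add `INPUT_SECRETS: ${{ inputs.secrets }}` under the step's `env:` (the step header is outside this hunk) and use `FILTER_LIST="$INPUT_SECRETS"` and `echo "Filtering for secrets: $INPUT_SECRETS"`. The `[[ ... ]]` test needs bash, so confirm the step's `shell:` is `bash`. A requested name that is absent from the response is skipped silently, so a typo in the list yields a job with a missing variable; a warning for unmatched names would make that visible.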