diff --git a/lib/secret.sh b/lib/secret.sh
index 8c243ea..8e3ba48 100644
--- a/lib/secret.sh
+++ b/lib/secret.sh
@@ -12,12 +12,13 @@
 # ------------------------------------------------------------------------------
 # Passbolt
-get_passbolt_secret() {
+get_passbolt_secret()
+{
 local name="$1" secret
 if ! command -v passbolt >/dev/null 2>&1; then
 prnt E "Passbolt CLI not found (required to fetch passbolt:$name)."
- return 3
+ die 22
 fi
 # Exemple basé sur CLI Passbolt + jq
@@ -26,26 +27,28 @@ get_passbolt_secret() {
 if [[ -z "$secret" || "$secret" == "null" ]]; then
 prnt E "Secret '$name' not found in Passbolt."
- return 4
+ die 23
 fi
 printf '%s' "$secret"
 }
+export -f get_passbolt_secret
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # File
-get_file_secret() {
+get_file_secret()
+{
 local path="$1" secret
 if [[ -z "$path" ]]; then
 prnt E "get_file_secret: missing path"
- return 5
+ die 10
 fi
 if [[ ! -r "$path" ]]; then
 prnt E "get_file_secret: '$path' not readable"
- return 6
+ die 24
 fi
 secret=$(<"$path")
@@ -53,21 +56,23 @@ get_file_secret() {
 secret="${secret%$'\n'}"
 printf '%s' "$secret"
 }
+export -f get_file_secret
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Environment variable
-get_var_secret() {
+get_var_secret()
+{
 local var="$1" secret
 if [[ -z "$var" ]]; then
 prnt E "get_var_secret: missing variable name"
- return 7
+ die 25
 fi
 if ! printenv "$var" >/dev/null 2>&1; then
 prnt E "get_var_secret: variable '$var' not set"
- return 8
+ die 25
 fi
 secret="$(printenv "$var")"
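Review bot: Swapping `return 3` for `die 22` in get_passbolt_secret (and likewise `die 23`, and the `die` calls in get_file_secret, get_var_secret and fetch_secret in the later hunks) does not by itself make a failed lookup fatal to the caller. These functions hand the secret back on stdout, so they are normally called inside `$(...)`; assuming `die` ends in `exit`, it terminates only that subshell, and a caller written as `local pw=$(fetch_secret "$ref")` carries on with an empty secret because `local` masks the status. I would document the contract above each function, e.g. `# Call as: pw=$(get_passbolt_secret NAME) || die $?  (declare 'local pw' on its own line first)`. The body of get_passbolt_secret continues outside this hunk.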
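Review bot: `export -f get_passbolt_secret` (and the matching exports of get_file_secret and get_var_secret in the next two hunks) hands the getter to every child bash, but its guards depend on `prnt` and `die`, which this diff does not export. If they are not exported elsewhere, both calls fail with "command not found" in a child shell, the guard falls through, and unless errexit is on the function ends at `printf '%s' "$secret"` with an empty value and status 0. Export the helpers together with the getters, or start each exported function with `declare -F die >/dev/null || return 127`. If no child process actually needs these functions, dropping the exports is the simpler fix.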
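Review bot: Both guards in get_var_secret now end in `die 25`, so "missing variable name" and "variable '$var' not set" can no longer be told apart by exit status, where the old code used 7 and 8. The missing-argument case is also numbered three different ways in this commit: `die 10` in get_file_secret, `die 25` here and `die 26` in fetch_secret. If 10 is the project's generic missing-argument code (the table is not visible in this diff), the first guard should read `die 10` and 25 should stay reserved for the unset variable. The end of get_var_secret lies outside this hunk.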
@@ -75,18 +80,20 @@ get_var_secret() {
 secret="${secret%$'\n'}"
 printf '%s' "$secret"
 }
+export -f get_var_secret
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Main dispatcher
 # Usage: fetch_secret "scheme:identifier"
-fetch_secret() {
+fetch_secret()
+{
 local ref="$1"
 local scheme identifier func
 if [[ -z "$ref" ]]; then
 prnt E "fetch_secret: no reference provided"
- return 1
+ die 26
 fi
 # par défaut, si pas de scheme -> "file"
@@ -102,7 +109,7 @@ fetch_secret() {
 if ! declare -f "$func" >/dev/null 2>&1; then
 prnt E "fetch_secret: unsupported scheme '$scheme' (no function $func)"
- return 2
+ die 27
 fi
 "$func" "$identifier"
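Review bot: The header comment for fetch_secret still gives only the call form, although the function now leaves through `die` with 26 and 27 instead of returning 1 and 2. Add the failure contract next to the usage line, for example `# Exits via die: 26 = empty reference, 27 = unsupported scheme` and `# Output: the secret on stdout; capture it, do not echo or log it`. The body of fetch_secret continues past the end of this hunk.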
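Review bot: The only gate in front of `"$func" "$identifier"` is `declare -f "$func"`, so the set of accepted schemes is whatever functions of that name pattern happen to be defined in the shell, including any inherited from the environment now that this commit introduces `export -f`. How `$func` is derived from `$scheme` is outside this hunk, so this is hedged, but an explicit list before the lookup would pin it down: `case "$scheme" in passbolt|file|var) ;; *) prnt E "fetch_secret: unsupported scheme '$scheme'"; die 27 ;; esac` (scheme names inferred from the three getters). The error text would then also stop echoing the constructed function name.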