diff --git a/action.yml b/action.yml
index c77d5fb..8c3d2c0 100644
--- a/action.yml
+++ b/action.yml
@@ -4,23 +4,23 @@ author: Jamie Schouten
 inputs:
 email:
- description: 'Bitwarden email'
+ description: "Bitwarden email"
 required: true
 password:
- description: 'Bitwarden password'
+ description: "Bitwarden password"
 required: true
 server:
- description: 'Bitwarden server'
+ description: "Bitwarden server"
 required: false
 default: ${{ vars.WARDEN_URL }}
 client-id:
- description: 'Bitwarden client id'
+ description: "Bitwarden client ID"
 required: true
 client-secret:
- description: 'Bitwarden client secret'
+ description: "Bitwarden client secret"
 required: true
 secrets:
- description: "One or more secret Ids to retrieve and the corresponding Gitea environment variable name to set"
+ description: "List of secret IDs and corresponding environment variable names (format: 'SECRET_ID > ENV_VAR')"
 required: true
 runs:
@@ -34,7 +34,7 @@ runs:
 shell: sh
 run: |
 bw login --apikey
- echo "BW_SESSION=$(bw unlock '${{ inputs.password }}' --raw)" >> $GITHUB_ENV
+ echo "BW_SESSION=$(bw unlock '${{ inputs.password }}' --raw)" >> "$GITHUB_ENV"
 env:
 BW_CLIENTID: ${{ inputs.client-id }}
 BW_CLIENTSECRET: ${{ inputs.client-secret }}
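Review bot: The `bw unlock '${{ inputs.password }}' --raw` line still has the password expanded into the script text before the shell runs, so a password containing a single quote breaks the command and its remainder is interpreted as shell; quoting `$GITHUB_ENV` does not change that. Pass the value through the step environment instead: add `BW_PASSWORD: ${{ inputs.password }}` under `env:` and call `bw unlock --passwordenv BW_PASSWORD --raw`. The same direct interpolation appears in the next hunk as `echo "${{ inputs.secrets }}"`, which is better read from an env variable as well. The session key written to `$GITHUB_ENV` is visible to every later step of the job and is not masked, which is worth documenting for users of the action.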
@@ -42,24 +42,31 @@ runs:
 - name: Retrieve Requested Secrets
 shell: bash
 run: |
- IFS=$'\n' read -d '' -r -a secret_pairs <<< "${{ inputs.secrets }}"
-
- for pair in "${secret_pairs[@]}"; do
- SECRET_ID=$(echo "$pair" | cut -d'>' -f1 | xargs)
- ENV_VAR=$(echo "$pair" | cut -d'>' -f2 | xargs)
-
- if [[ -z "$SECRET_ID" || -z "$ENV_VAR" ]]; then
- echo "❌ Invalid secret pair format: $pair"
- continue
+ if [[ -z "$BW_SESSION" ]]; then
+ echo "❌ BW_SESSION is not set. Please log in to Bitwarden first."
+ exit 1
 fi
-
- echo "🔍 Retrieving secret: $SECRET_ID..."
- SECRET_VALUE=$(bw get notes "$SECRET_ID" --session "$BW_SESSION" 2>/dev/null)
- if [[ -n "$SECRET_VALUE" ]]; then
- echo "$ENV_VAR=$SECRET_VALUE" >> "$GITHUB_ENV"
- echo "✅ Stored $SECRET_ID in $ENV_VAR"
- else
- echo "❌ Failed to retrieve secret: $SECRET_ID"
- fi
- done
\ No newline at end of file
+ echo "${{ inputs.secrets }}" | while IFS='>' read -r SECRET_ID ENV_VAR; do
+ # Trim whitespace
+ SECRET_ID=$(echo "$SECRET_ID" | xargs)
+ ENV_VAR=$(echo "$ENV_VAR" | xargs)
+
+ # Validate input format
+ if [[ -z "$SECRET_ID" || -z "$ENV_VAR" ]]; then
+ echo "❌ Invalid secret pair format: $SECRET_ID > $ENV_VAR"
+ continue
+ fi
+
+ echo "🔍 Retrieving secret: $SECRET_ID..."
+
+ # Fetch secret from Bitwarden
+ SECRET_VALUE=$(bw get notes "$SECRET_ID" --session "$BW_SESSION" 2>/dev/null)
+
+ if [[ -n "$SECRET_VALUE" ]]; then
+ echo "$ENV_VAR=$SECRET_VALUE" >> "$GITHUB_ENV"
+ echo "✅ Stored $SECRET_ID in $ENV_VAR"
+ else
+ echo "❌ Failed to retrieve secret: $SECRET_ID"
+ fi
+ done
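Review bot: `echo "$ENV_VAR=$SECRET_VALUE" >> "$GITHUB_ENV"` writes the note in the single-line `NAME=value` form, so a note containing a newline is cut at its first line and the remaining lines are parsed as further entries of the env file; `ENV_VAR` is also written without any check that it is a valid variable name. The write should use the delimiter form with a random delimiter, validate the name first, and register the value with `::add-mask::` so it is redacted if a later step prints it (assuming the runner in use honours that command). A failed lookup only logs a message and the step still succeeds, so the job continues with the variable unset; failing the step is probably the safer default. The step's `run:` block starts above the hunk.

```yaml
# … unchanged: BW_SESSION check, loop header, whitespace trimming, empty-field check …

    # Reject names that are not plain shell identifiers
    if [[ ! "$ENV_VAR" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
      echo "❌ Invalid environment variable name: $ENV_VAR"
      exit 1
    fi

# … unchanged: "Retrieving secret" message and bw get notes call …

    if [[ -n "$SECRET_VALUE" ]]; then
      # Redact every non-empty line of the value in later log output
      while IFS= read -r line; do
        if [[ -n "$line" ]]; then
          echo "::add-mask::$line"
        fi
      done <<< "$SECRET_VALUE"

      # Multi-line-safe write; a random delimiter cannot collide with the value
      delimiter="EOF_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
      {
        echo "$ENV_VAR<<$delimiter"
        echo "$SECRET_VALUE"
        echo "$delimiter"
      } >> "$GITHUB_ENV"
      echo "✅ Stored $SECRET_ID in $ENV_VAR"
    else
      echo "❌ Failed to retrieve secret: $SECRET_ID"
      exit 1
    fi

# … unchanged: done …
```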