action.yml

@@ -28,7 +28,7 @@ runs:
   steps:
     - name: Configure Bitwarden Server
       shell: sh
-      run: bw config server ${{ inputs.server }}
+      run: bw config server "${{ inputs.server }}"
 
     - name: Unlock Vault
       shell: sh
@@ -36,8 +36,8 @@ runs:
         bw login --apikey
         echo "BW_SESSION=$(bw unlock '${{ inputs.password }}' --raw)" >> "$GITHUB_ENV"
       env:
-        BW_CLIENTID: ${{ inputs.client-id }}
-        BW_CLIENTSECRET: ${{ inputs.client-secret }}
+        BW_CLIENTID: "${{ inputs.client-id }}"
+        BW_CLIENTSECRET: "${{ inputs.client-secret }}"
 
     - name: Retrieve Requested Secrets
       shell: bash
@@ -48,7 +48,7 @@ runs:
         fi
 
         echo "${{ inputs.secrets }}" | while IFS='>' read -r SECRET_ID ENV_VAR; do
-
+          # Trim whitespace
           SECRET_ID=$(echo "$SECRET_ID" | xargs)
           ENV_VAR=$(echo "$ENV_VAR" | xargs)
 
@@ -61,11 +61,9 @@ runs:
           SECRET_VALUE=$(bw get notes "$SECRET_ID" --session "$BW_SESSION" 2>/dev/null)
 
           if [[ -n "$SECRET_VALUE" ]]; then
-              echo "$ENV_VAR=$SECRET_VALUE" >> "$GITHUB_ENV"
+            echo "$ENV_VAR=\"$SECRET_VALUE\"" >> "$GITHUB_ENV"
             echo "✅ Stored $SECRET_ID in $ENV_VAR"
           else
             echo "❌ Failed to retrieve secret: $SECRET_ID"
           fi
         done
-
-