action.yml

@@ -28,7 +28,7 @@ runs:
   steps:
     - name: Configure Bitwarden Server
       shell: sh
-      run: bw config server ${{ inputs.server }}
+      run: bw config server "${{ inputs.server }}"
 
     - name: Unlock Vault
       shell: sh
@@ -36,36 +36,34 @@ runs:
         bw login --apikey
         echo "BW_SESSION=$(bw unlock '${{ inputs.password }}' --raw)" >> "$GITHUB_ENV"
       env:
-        BW_CLIENTID: ${{ inputs.client-id }}
-        BW_CLIENTSECRET: ${{ inputs.client-secret }}
+        BW_CLIENTID: "${{ inputs.client-id }}"
+        BW_CLIENTSECRET: "${{ inputs.client-secret }}"
 
     - name: Retrieve Requested Secrets
       shell: bash
       run: |
-          if [[ -z "$BW_SESSION" ]]; then
-            echo "❌ BW_SESSION is not set. Please log in to Bitwarden first."
-            exit 1
-          fi
-
-          echo "${{ inputs.secrets }}" | while IFS='>' read -r SECRET_ID ENV_VAR; do
+        if [[ -z "$BW_SESSION" ]]; then
+          echo "❌ BW_SESSION is not set. Please log in to Bitwarden first."
+          exit 1
+        fi
 
+        echo "${{ inputs.secrets }}" | while IFS='>' read -r SECRET_ID ENV_VAR; do
+          # Trim whitespace
           SECRET_ID=$(echo "$SECRET_ID" | xargs)
           ENV_VAR=$(echo "$ENV_VAR" | xargs)
 
           # Skip empty or invalid lines
           if [[ -z "$SECRET_ID" || -z "$ENV_VAR" ]]; then
-              continue
+            continue
           fi
 
           echo "🔍 Retrieving secret: $SECRET_ID..."
           SECRET_VALUE=$(bw get notes "$SECRET_ID" --session "$BW_SESSION" 2>/dev/null)
 
           if [[ -n "$SECRET_VALUE" ]]; then
-              echo "$ENV_VAR=$SECRET_VALUE" >> "$GITHUB_ENV"
-              echo "✅ Stored $SECRET_ID in $ENV_VAR"
+            echo "$ENV_VAR=\"$SECRET_VALUE\"" >> "$GITHUB_ENV"
+            echo "✅ Stored $SECRET_ID in $ENV_VAR"
           else
-              echo "❌ Failed to retrieve secret: $SECRET_ID"
+            echo "❌ Failed to retrieve secret: $SECRET_ID"
           fi
-      done
-
-
+        done