diff --git a/test/scripts/run-e2e-gcp.sh b/test/scripts/run-e2e-gcp.sh
index da1d31dfb..1edb43e93 100755
--- a/test/scripts/run-e2e-gcp.sh
+++ b/test/scripts/run-e2e-gcp.sh
@@ -25,7 +25,7 @@ function boskosctlwrapper() {
 }
 
 cleanup() {
-    gcloud beta secrets delete ${SECRET_ID} --quiet
+    gcloud beta secrets delete "${SECRET_ID}" --quiet
     # stop boskos heartbeat
     if [ -n "${BOSKOS_HOST:-}" ]; then
         boskosctlwrapper release --name "${RESOURCE_NAME}" --target-state dirty
@@ -51,9 +51,12 @@ main() {
     # Aquire a project from boskos pool, test will use secret created on this aquired project
     if [ -n "${BOSKOS_HOST:-}" ]; then
         echo "Boskos acquire - ${BOSKOS_HOST}"
-        export BOSKOS_RESOURCE="$( boskosctlwrapper acquire --type gce-project --state free --target-state busy --timeout 1h )"
-        export RESOURCE_NAME=$(echo $BOSKOS_RESOURCE | jq  -r ".name")
-        export GCP_PROJECT=$(echo $BOSKOS_RESOURCE | jq  -r ".name")
+        BOSKOS_RESOURCE="$( boskosctlwrapper acquire --type gce-project --state free --target-state busy --timeout 1h )"
+        export BOSKOS_RESOURCE
+        RESOURCE_NAME=$(echo "$BOSKOS_RESOURCE" | jq -r ".name")
+        export RESOURCE_NAME
+        GCP_PROJECT=$(echo "$BOSKOS_RESOURCE" | jq -r ".name")
+        export GCP_PROJECT
 
         # send a heartbeat in the background to keep the lease while using the resource
         echo "Starting Boskos HeartBeat"
@@ -61,20 +64,23 @@ main() {
     fi
 
     echo "Using project ${GCP_PROJECT}"
-    gcloud config set project ${GCP_PROJECT}
+    gcloud config set project "${GCP_PROJECT}"
 
     # create a secret in the aquired project 
-    export SECRET_ID="test-secret-$(openssl rand -hex 4)"
+    SECRET_ID="test-secret-$(openssl rand -hex 4)"
+    export SECRET_ID
     export SECRET_VALUE="secret-a"
-    echo -n ${SECRET_VALUE} | gcloud beta secrets create ${SECRET_ID} --data-file=- --ttl=1800s --quiet
+    echo -n ${SECRET_VALUE} | gcloud beta secrets create "${SECRET_ID}" --data-file=- --ttl=1800s --quiet
 
-    export SECRET_PROJECT_ID="$(gcloud config get project)"
-    export SECRET_PROJECT_NUMBER="$(gcloud projects describe $SECRET_PROJECT_ID --format='value(projectNumber)')"
+    SECRET_PROJECT_ID="$(gcloud config get project)"
+    export SECRET_PROJECT_ID
+    SECRET_PROJECT_NUMBER="$(gcloud projects describe "$SECRET_PROJECT_ID" --format='value(projectNumber)')"
+    export SECRET_PROJECT_NUMBER
 
     export SECRET_URI="projects/${SECRET_PROJECT_NUMBER}/secrets/${SECRET_ID}/versions/latest"
 
     # Prow jobs are executed by `k8s-infra-prow-build.svc.id.goog` in test-pods namespace, so grant the access to the secret
-    gcloud secrets add-iam-policy-binding ${SECRET_ID} \
+    gcloud secrets add-iam-policy-binding "${SECRET_ID}" \
     --role=roles/secretmanager.secretAccessor \
     --member=principalSet://iam.googleapis.com/projects/773781448124/locations/global/workloadIdentityPools/k8s-infra-prow-build.svc.id.goog/namespace/test-pods