diff --git a/templates/barbican/bin/generate_pkcs11_keys.sh b/templates/barbican/bin/generate_pkcs11_keys.sh
index 7fe89ef8..93200ac7 100755
--- a/templates/barbican/bin/generate_pkcs11_keys.sh
+++ b/templates/barbican/bin/generate_pkcs11_keys.sh
@@ -13,15 +13,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-set -xe
+set -e
 
 {{- if and (index . "PKCS11Enabled") .PKCS11Enabled }}
 
-eval mkek_label=$(crudini --get /etc/barbican/barbican.conf.d/01-custom.conf p11_crypto_plugin mkek_label)
+mkek_label=$(crudini --get /etc/barbican/barbican.conf.d/01-custom.conf p11_crypto_plugin mkek_label)
 echo "Creating  MKEK label $mkek_label"
-barbican-manage hsm check_mkek --label $mkek_label || barbican-manage hsm gen_mkek --label $mkek_label
+barbican-manage hsm check_mkek --label "$mkek_label" || barbican-manage hsm gen_mkek --label "$mkek_label"
 
-eval hmac_label=$(crudini --get /etc/barbican/barbican.conf.d/01-custom.conf p11_crypto_plugin hmac_label)
+hmac_label=$(crudini --get /etc/barbican/barbican.conf.d/01-custom.conf p11_crypto_plugin hmac_label)
 echo "Creating  HMAC label $hmac_label"
-barbican-manage hsm check_hmac --label $hmac_label || barbican-manage hsm gen_hmac --label $hmac_label
+barbican-manage hsm check_hmac --label "$hmac_label" || barbican-manage hsm gen_hmac --label "$hmac_label"
 {{- end }}