diff --git a/.github/actions/extract-1password-secret/action.yml b/.github/actions/extract-1password-secret/action.yml
index ad3c7ceb91..a429047b1d 100644
--- a/.github/actions/extract-1password-secret/action.yml
+++ b/.github/actions/extract-1password-secret/action.yml
@@ -24,11 +24,10 @@ runs:
       env:
         key_values: ${{ inputs.ONE_PASSWORD_SECRET_REFERENCES }}
       run: |
-        keys="${{ inputs.keys }}"
+        keys=$(echo "${{ inputs.keys }}" | tr ',' ' ')
         for key in $keys; do
-           variable_name=$key
-           value=$(echo "$key_values" | grep "^$key *=" | cut -d'=' -f2- | sed 's/^ *//;s/[ \r]*$//')
-           echo "key = $key"
+           variable_name=$(echo "$key" | sed 's/^ *//;s/ *$//')
+           value=$(echo "$key_values" | grep "^$variable_name *=" | cut -d'=' -f2- | sed 's/^ *//;s/[ \r]*$//')
            echo "value = $value"
            echo "variable_name = $variable_name"
            echo "$variable_name=$value" >> $GITHUB_ENV
diff --git a/.github/workflows/secret_refs.yml b/.github/workflows/secret_refs.yml
index 98cfd33f94..cc7d45a985 100644
--- a/.github/workflows/secret_refs.yml
+++ b/.github/workflows/secret_refs.yml
@@ -16,7 +16,7 @@ jobs:
         uses: ./.github/actions/extract-1password-secret
         with:
           OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} # This is required to connect to the vault in our 1Password account.
-          keys: 'MAVEN_GPG_PASSPHRASE MAVEN_GPG_PRIVATE_KEY GITHUB_GENERIC_ACTION_CREDENTIALS qaz'
+          keys: 'MAVEN_GPG_PASSPHRASE, MAVEN_GPG_PRIVATE_KEY, GITHUB_GENERIC_ACTION_CREDENTIALS, qaz'
           ONE_PASSWORD_SECRET_REFERENCES: ${{ vars.ONE_PASSWORD_SECRET_REFERENCES }}
 
       - name: Use extracted value