From 1ace8daa87c9a0954c904cdb513563d3e025bdbf Mon Sep 17 00:00:00 2001
From: Tony <wongtonyb@gmail.com>
Date: Fri, 30 Jan 2026 15:36:10 -0500
Subject: [PATCH] cr;

---
 testing/internal/e2e/vault/vault.go | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/testing/internal/e2e/vault/vault.go b/testing/internal/e2e/vault/vault.go
index 9cc9cedb22..0df2a0a9b8 100644
--- a/testing/internal/e2e/vault/vault.go
+++ b/testing/internal/e2e/vault/vault.go
@@ -295,10 +295,11 @@ func CreateKvPasswordCredential(t testing.TB, secretPath string, user string, pr
 	}
 
 	// Escape '@' when prefixed to password. Vault CLI interprets '@' as a file
+	var passwordArg string
 	if strings.HasPrefix(password, "@") {
-		password = fmt.Sprintf("password=\\%s", password)
+		passwordArg = fmt.Sprintf("\\%s", password)
 	} else {
-		password = fmt.Sprintf("password=%s", password)
+		passwordArg = password
 	}
 
 	// Create secret
@@ -308,7 +309,7 @@ func CreateKvPasswordCredential(t testing.TB, secretPath string, user string, pr
 			"-mount", secretPath,
 			secretName,
 			fmt.Sprintf("username=%s", user),
-			password,
+			fmt.Sprintf("password=%s", passwordArg),
 		),
 	)
 	require.NoError(t, output.Err, string(output.Stderr))
@@ -346,10 +347,11 @@ func CreateKvPasswordDomainCredential(t testing.TB, secretPath string, user stri
 	}
 
 	// Escape '@' when prefixed to password. Vault CLI interprets '@' as a file
+	var passwordArg string
 	if strings.HasPrefix(password, "@") {
-		password = fmt.Sprintf("password=\\%s", password)
+		passwordArg = fmt.Sprintf("\\%s", password)
 	} else {
-		password = fmt.Sprintf("password=%s", password)
+		passwordArg = password
 	}
 
 	// Create secret
@@ -359,7 +361,7 @@ func CreateKvPasswordDomainCredential(t testing.TB, secretPath string, user stri
 			"-mount", secretPath,
 			secretName,
 			fmt.Sprintf("username=%s", user),
-			password,
+			fmt.Sprintf("password=%s", passwordArg),
 			fmt.Sprintf("domain=%s", domain),
 		),
 	)