diff --git a/.github/workflows/build-git-installers.yml b/.github/workflows/build-git-installers.yml
index 94301be6ea3cd8..e9d7b7eb2ebbde 100644
--- a/.github/workflows/build-git-installers.yml
+++ b/.github/workflows/build-git-installers.yml
@@ -780,8 +780,8 @@ jobs:
       - name: Download GPG public key signature file
         run: |
           az keyvault secret show --name "$GPG_PUBLIC_KEY_SECRET_NAME" \
-            --vault-name "$AZURE_VAULT" --query "value" \
-            | sed -e 's/^"//' -e 's/"$//' | base64 -d >msft-git-public.asc
+            --vault-name "$AZURE_VAULT" --query "value" --output tsv |
+            base64 -d >msft-git-public.asc
           mv msft-git-public.asc deb-package
 
       - uses: actions/github-script@v6
diff --git a/.github/workflows/release-winget.yml b/.github/workflows/release-winget.yml
index 9ee86c84263280..b8aa6d98fe163a 100644
--- a/.github/workflows/release-winget.yml
+++ b/.github/workflows/release-winget.yml
@@ -54,5 +54,5 @@ jobs:
 
           # Submit manifests
           $manifestDirectory = Split-Path "$manifestPath"
-          .\wingetcreate.exe submit -t "(az keyvault secret show --name ${{ secrets.WINGET_TOKEN_SECRET_NAME }} --vault-name ${{ secrets.AZURE_VAULT }} --query "value")" $manifestDirectory
+          .\wingetcreate.exe submit -t "(az keyvault secret show --name ${{ secrets.WINGET_TOKEN_SECRET_NAME }} --vault-name ${{ secrets.AZURE_VAULT }} --query "value" --output tsv)" $manifestDirectory
         shell: powershell