diff --git a/salt/common/tools/sbin/so-import-evtx b/salt/common/tools/sbin/so-import-evtx
index 83815eecd..04295adc9 100755
--- a/salt/common/tools/sbin/so-import-evtx
+++ b/salt/common/tools/sbin/so-import-evtx
@@ -21,7 +21,7 @@
 {%- set MANAGERIP = salt['pillar.get']('global:managerip') -%}
 {%- set URLBASE = salt['pillar.get']('global:url_base') %}
 {% set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
-{% set ES_PW = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
+{% set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
 INDEX_DATE=$(date +'%Y.%m.%d')
 RUNID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1)
@@ -42,7 +42,7 @@ function evtx2es() {
 EVTX=$1
 HASH=$2
- ES_PW=$(lookup_pillar "auth:users:so_elastic_user:pass" "elasticsearch")
+ ES_PASS=$(lookup_pillar "auth:users:so_elastic_user:pass" "elasticsearch")
 ES_USER=$(lookup_pillar "auth:users:so_elastic_user:user" "elasticsearch")
 docker run --rm \
@@ -51,7 +51,7 @@ function evtx2es() {
 {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-pcaptools:{{ VERSION }} \
 --host {{ MANAGERIP }} --scheme https \
 --index so-beats-$INDEX_DATE --pipeline import.wel \
- --login $ES_USER --pwd $ES_PW \
+ --login $ES_USER --pwd "$ES_PASS" \
 "/tmp/$RUNID.evtx" >> $LOG_FILE 2>&1
 docker run --rm \
diff --git a/salt/curator/files/curator.yml b/salt/curator/files/curator.yml
index 5ec4bdc5f..2f9b44dbc 100644
--- a/salt/curator/files/curator.yml
+++ b/salt/curator/files/curator.yml
@@ -19,8 +19,8 @@ client:
 - {{elasticsearch}}
 port: 9200
 {%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
- username: {{ ES_USER }}
- password: {{ ES_PASS }}
+ username: "{{ ES_USER }}"
+ password: "{{ ES_PASS }}"
 {%- endif %}
 url_prefix:
 use_ssl: True
diff --git a/salt/elastalert/defaults.yaml b/salt/elastalert/defaults.yaml
index 9bfb4f188..819a3cbbd 100644
--- a/salt/elastalert/defaults.yaml
+++ b/salt/elastalert/defaults.yaml
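Review bot: `$ES_USER` on the `--login` line of the third so-import-evtx hunk is still unquoted while `--pwd "$ES_PASS"` now is, so a user name containing whitespace or glob characters would be word-split exactly as the password was; quote it too, `--login "$ES_USER" --pwd "$ES_PASS" \`. Separately, the password is still handed to the container as a command-line argument, which leaves it readable in the host's process listing for as long as `docker run` is alive. If the import tool can take credentials from an environment variable or a file, that would be the safer channel; whether it can is not visible here. The `docker run` command and the body of `evtx2es` both begin and end outside the hunk.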
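Review bot: Wrapping `{{ ES_PASS }}` in literal double quotes on the `password:` line of curator.yml stops YAML from misreading characters such as `#` or a leading `*`, but the value is still interpolated raw into a double-quoted scalar, so a password containing `"` or `\` either breaks the file or is silently altered by escape processing. Let the template do the escaping instead, e.g. `password: {{ ES_PASS | yaml_dquote }}` and likewise for `username:`, assuming the file is rendered by Salt's Jinja as the `salt['pillar.get']` call suggests. The same applies to `es_username`/`es_password` in salt/elastalert/defaults.yaml. Where `ES_USER` and `ES_PASS` are assigned is outside the hunk.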
@@ -22,8 +22,8 @@ elastalert:
 verify_certs: false
 #es_send_get_body_as: GET
 {%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
- es_username: {{ ES_USER }}
- es_password: {{ ES_PASS }}
+ es_username: "{{ ES_USER }}"
+ es_password: "{{ ES_PASS }}"
 {%- endif %}
 writeback_index: elastalert_status
 alert_time_limit:
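Review bot: `es_username`/`es_password` are emitted into a block whose context line reads `verify_certs: false`, so with auth enabled the Elasticsearch password goes to an endpoint whose certificate is never validated, and anyone positioned on that connection can collect it. Consider enabling verification alongside this change, `verify_certs: true` plus a `ca_certs:` entry pointing at the deployment's CA bundle. Whether TLS is switched on at all for this client is not visible in the hunk, and the `elastalert:` mapping continues outside it.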