diff --git a/kolla_cli/api/password.py b/kolla_cli/api/password.py
index d9ead72..182f227 100644
--- a/kolla_cli/api/password.py
+++ b/kolla_cli/api/password.py
@@ -23,6 +23,7 @@ from kolla_cli.common.passwords import init_passwords
 from kolla_cli.common.passwords import set_password
 from kolla_cli.common.passwords import set_password_sshkey
 from kolla_cli.common.utils import check_arg
+from kolla_cli.common.utils import disallow_chars


 class PasswordApi(object):
@@ -36,9 +37,13 @@ class PasswordApi(object):
 :param value: value of the password
 :type value: string
 """
- check_arg(name, u._('Password name'), str)
- check_arg(value, u._('Password value'), str, display_param=False,
+ password_name_string = u._('Password name')
+ password_value_string = u._('Password value')
+ check_arg(name, password_name_string, str)
+ disallow_chars(name, password_name_string, '\'')
+ check_arg(value, password_value_string, str, display_param=False,
 empty_ok=True, none_ok=True)
+ disallow_chars(value, password_value_string, '\'')
 set_password(name, value)

 def password_set_sshkey(self, name, private_key, public_key):
@@ -52,9 +57,15 @@ class PasswordApi(object):
 :param public_key: ssh public key
 :type value: string
 """
- check_arg(name, u._('Password name'), str)
- check_arg(private_key, u._('Private key'), str, display_param=False)
- check_arg(public_key, u._('Public key'), str, display_param=False)
+ password_name_string = u._('Password name')
+ private_key_string = u._('Private key')
+ public_key_string = u._('Public key')
+ check_arg(name, password_name_string, str)
+ disallow_chars(name, password_name_string, '\'')
+ check_arg(private_key, private_key_string, str, display_param=False)
+ disallow_chars(private_key, private_key_string, '\'')
+ check_arg(public_key, public_key_string, str, display_param=False)
+ disallow_chars(public_key, public_key_string, '\'')
 set_password_sshkey(name, private_key, public_key)

 def password_clear(self, name):
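Review bot: The docstrings of `password_set` and `password_set_sshkey` (and of `password_clear` in the next hunk) still describe their arguments as plain strings, yet each method now raises `InvalidArgument` when an argument contains a single quote. Callers need that stated, for example by adding `:raises InvalidArgument: if an argument contains a single quote (')` to each docstring. The literal `'\''` is also repeated in every `disallow_chars` call; one module-level constant would keep the rejected set identical across the three methods and show which characters the quoting in `common/passwords.py` relies on. All three method bodies begin outside their hunks.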
@@ -64,7 +75,9 @@ class PasswordApi(object):
 :param name: name of the password
 :type name: string
 """
- check_arg(name, u._('Password name'), str)
+ password_name_string = u._('Password name')
+ check_arg(name, password_name_string, str)
+ disallow_chars(name, password_name_string, '\'')
 clear_password(name)

 def password_get_names(self):
diff --git a/kolla_cli/common/passwords.py b/kolla_cli/common/passwords.py
index b93540f..eba4f10 100644
--- a/kolla_cli/common/passwords.py
+++ b/kolla_cli/common/passwords.py
@@ -31,8 +31,8 @@ def set_password(pwd_key, pwd_value):
 if not pwd_value:
 pwd_value = ''
 value_switch = ''
- cmd = '%s -k %s %s %s' % (_get_cmd_prefix(), pwd_key, value_switch,
- pwd_value)
+ cmd = '%s -k \'%s\' %s \'%s\'' % (_get_cmd_prefix(), pwd_key, value_switch,
+ pwd_value)
 err_msg, output = utils.run_cmd(cmd, print_output=False)
 if err_msg:
 raise FailedOperation(
@@ -41,8 +41,8 @@ def set_password(pwd_key, pwd_value):


 def set_password_sshkey(pwd_key, private_key, public_key):
- cmd = '%s -k %s -r "%s" -u "%s"' % (_get_cmd_prefix(), pwd_key,
- private_key, public_key)
+ cmd = '%s -k \'%s\' -r \'%s\' -u \'%s\'' % (_get_cmd_prefix(), pwd_key,
+ private_key, public_key)
 err_msg, output = utils.run_cmd(cmd, print_output=False)
 if err_msg:
 raise FailedOperation(
@@ -55,7 +55,7 @@ def clear_password(pwd_key):

 if the password exists, it will be removed from the passwords file
 """
- cmd = '%s -k \'%s\' -c' % (_get_cmd_prefix(), pwd_key)
+ cmd = '%s -k \'%s\' -c' % (_get_cmd_prefix(), pwd_key)
 err_msg, output = utils.run_cmd(cmd, print_output=False)
 if err_msg:
 raise FailedOperation('%s %s' % (err_msg, output))
diff --git a/kolla_cli/common/utils.py b/kolla_cli/common/utils.py
index 672434f..e4029d4 100644
--- a/kolla_cli/common/utils.py
+++ b/kolla_cli/common/utils.py
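Review bot: In `set_password`, wrapping `pwd_key` and `pwd_value` in literal single quotes only neutralises shell metacharacters while neither value contains a `'`. That guarantee is enforced in `PasswordApi`, not here, so any other caller of this function still hands an unescaped string to `run_cmd`, which runs it with `shell=True`. Escaping where the command is built removes that dependency and would let passwords contain a single quote: `cmd = '%s -k %s %s %s' % (_get_cmd_prefix(), shlex.quote(pwd_key), value_switch, shlex.quote(pwd_value))`, with `import shlex` (`pipes.quote` on Python 2). The same applies to the `set_password_sshkey` and `clear_password` hunks that follow. Separately, when `pwd_value` is empty the command now carries an explicit `''` argument where it previously carried nothing, so it is worth confirming the helper accepts that; the function starts and ends outside the hunk.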
@@ -140,7 +140,6 @@ def run_cmd(cmd, print_output=True):
 not None=command failed
 - output: string: all the output of the run command
 """
- err = None
 output = None
 try:
 process = subprocess.Popen(cmd, shell=True, # nosec
@@ -441,6 +440,17 @@ def check_arg(param, param_name, expected_type, none_ok=False, empty_ok=False,
 type=expected_type))


+def disallow_chars(param, param_name, chars):
+ if param is None:
+ return
+
+ for char in chars:
+ if char in param:
+ raise InvalidArgument(
+ u._('{name} contains invalid character {chars}')
+ .format(name=param_name, chars=chars))
+
+
 class Lock(object):
 """Object which represents an exclusive resource lock
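Review bot: `disallow_chars` has no docstring, and its error message interpolates the whole `chars` set rather than the character that was found, which becomes misleading once a caller passes more than one disallowed character. Reporting the offender is a one-word change, `.format(name=param_name, chars=char))`. A short docstring should say that `None` is accepted silently and that `InvalidArgument` is raised on the first match. The message names only the parameter and never echoes `param`; since callers pass password values and private keys, a comment noting that this is deliberate would help keep it that way.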