diff --git a/CHANGELOG.md b/CHANGELOG.md
index 556fc8c..fe411bf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- Escape environment variables set on pot - this might break existing workarounds in jobs (#43)
+
 ## [0.9.0] - 2022-09-11
 
 ### Added
diff --git a/driver/prepare.go b/driver/prepare.go
index e4ee1d5..fe6fba0 100644
--- a/driver/prepare.go
+++ b/driver/prepare.go
@@ -9,6 +9,7 @@ import (
 	"strconv"
 	"strings"
 
+        "github.com/alessio/shellescape"
 	"github.com/hashicorp/consul-template/signals"
 	"github.com/hashicorp/nomad/client/lib/fifo"
 	"github.com/hashicorp/nomad/plugins/drivers"
@@ -127,7 +128,7 @@ func prepareContainer(cfg *drivers.TaskConfig, taskCfg TaskConfig) (syexec, erro
 	if len(cfg.EnvList()) > 0 {
 		command := potBIN + " set-env -p " + potName + " "
 		for name, env := range cfg.Env {
-			command = command + " -E " + name + "=" + env
+			command = command + " -E " + shellescape.Quote(name) + "=" + shellescape.Quote(env)
 		}
 		argvEnv := command
 		se.argvEnv = argvEnv
diff --git a/go.mod b/go.mod
index 0b2efb8..2d217cb 100644
--- a/go.mod
+++ b/go.mod
@@ -7,6 +7,7 @@ require (
 	github.com/NVIDIA/gpu-monitoring-tools v0.0.0-20191126014920-0d8df858cca4 // indirect
 	github.com/Sirupsen/logrus v0.0.0-00010101000000-000000000000 // indirect
 	github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d // indirect
+	github.com/alessio/shellescape v1.4.2 // indirect
 	github.com/appc/spec v0.8.11 // indirect
 	github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e // indirect
 	github.com/checkpoint-restore/go-criu v0.0.0-20191125063657-fcdcd07065c5 // indirect
diff --git a/go.sum b/go.sum
index 4a7017e..d494501 100644
--- a/go.sum
+++ b/go.sum
@@ -148,6 +148,8 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alessio/shellescape v1.4.2 h1:MHPfaU+ddJ0/bYWpgIeUnQUqKrlJ1S7BfEYPM4uEoM0=
+github.com/alessio/shellescape v1.4.2/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30=
 github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
 github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=