diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml
index 13dbafc595..9bf027d3de 100644
--- a/.github/workflows/verify-release.yml
+++ b/.github/workflows/verify-release.yml
@@ -94,7 +94,7 @@ jobs:
       - name: Download public key
         env:
           FINGERPRINT: "0x689DAD778FF08760E046228BA978220305CD5C32"
-        run: "gpg --keyserver hkps://keys.openpgp.org --recv-keys $FINGERPRINT"
+        run: "gpg --keyserver hkps://keys.openpgp.org --recv-keys "$FINGERPRINT""
 
       - name: Verify signature of the PHAR file
         run: gpg --verify ${{ steps.source.outputs.FILE }}.asc ${{ steps.source.outputs.FILE }}