Deferred, sprint, exec, and an exclamation point in the string

[Bob Negri]

I have been trying to replace my eyaml stored secret with a vault_lookup call to HashiCorp Vault. As far as I can tell, getting the password out of Vault is the easy part.

The password has an exclamation point. I think the command I'm trying to execute via the exec resource type is getting mangled.

$command = Deferred(

  'sprints',

  ["gpg --no-ttp --batch --passphrase '%s' other stuff", $hash_with_one_password],

)

exec { 'call-gpg':

  command => $command,

  creates      => "/path/to/my/file',

}

Is there a way to ensure the password is getting processed despite the presence of the exclamation point? When I stripped the surrounding single quotes, everything that followed the exclamation point was treated as an argument, which is not correct.

Thanks!