diff --git a/src/zlevis-encrypt b/src/zlevis-encrypt
index 5099a65..d9a06ed 100755
--- a/src/zlevis-encrypt
+++ b/src/zlevis-encrypt
@@ -186,7 +186,7 @@ trap 'rm -f "$tmp_primary_context" "$tmp_pcr_policy" "$tmp_jwk_pub" "$tmp_jwk_pr
 
 # Create the TPM2 object for the JWK
 case "$tpm2tools_version" in
-    4|5) printf "%s" "$jwk" | tpm2_create -Q -g "$hash" -C "$tmp_primary_context" -u "$tmp_jwk_pub" -r "$tmp_jwk_priv" -a "$obj_attr" -L "$policy_options" -i- || fail=$?;;
+	4|5) printf "%s" "$jwk" | tpm2_create -Q -g "$hash" -C "$tmp_primary_context" -u "$tmp_jwk_pub" -r "$tmp_jwk_priv" -a "$obj_attr" -L "${policy_options[@]}" -i- || fail=$?;;
     *) fail=1;;
 esac
 if [ -n "$fail" ]; then
@@ -230,4 +230,4 @@ jwe="$(jose fmt -j "$jwe" -g protected -g zlevis -g tpm2 -q "$jwk_priv" -s jwk_p
 (echo "$jwe$jwk$(/bin/cat)") | jose jwe enc -i- -k- -I- -c
 
 # Exit with the status of the last command
-exit $?
\ No newline at end of file
+exit $?