为什么某些命令用单引号引起了错误的包装？

[通过查看set -x输出，在cut用单引号引起来之后，会出现3个命令。看脚本，它们不应该；在它们之前应加+运算符。

这当然假设有几件事：

1. 这与保管库无关，与怪异的Bash行为有关
2. kubectl port-forward已成功执行
3. 保管库已初始化，可以开封了

为什么这些命令用单引号引起来？

某些因素：

• 在macOS Mojave上发生
• 通过自制软件安装/升级的GNU Bash
• 使用macOS终端

#!/usr/bin/env bash                                                                
# https://www.vaultproject.io

export VAULT_ADDR='http://127.0.0.1:8200'
theJelly='/tmp/jelly.out'
podVault='vault-0'

###---
### Unseal
###---
echo "Unsealing the Vault..."
set -x
unsealKey="$(grep Unseal $theJelly | cut -d' ' -f4)"
echo "$unsealKey"
kubectl exec -t "$podVault" -- vault operator unseal "$unsealKey"


vault status


######################################################################################
# OUTPUT
# Why are the commands (after cut) preceded with a single quote?
######################################################################################
$ sudo /var/tmp/vaultest.sh
Unsealing the Vault...
++ grep Unseal /tmp/jelly.out
++ cut '-d ' -f4
' unsealKey='blah=                                        # <-- why ' unsealKey=' ?
' echo 'blah=                                             # <-- why ' echo '
blah=
' kubectl exec -t vault-0 -- vault operator unseal 'blah= # <-- why ' kubectl ... '
The connection to the server localhost:8080 was refused - did you specify the right host or port?
+ vault status                                            # <-- then it's okay again?!
Key                Value
---                -----
Seal Type          shamir
Initialized        true
Sealed             true
Total Shares       1
Threshold          1
Unseal Progress    0/1
Unseal Nonce       n/a
Version            1.3.2
HA Enabled         false

######################################################################################
# JELLY - just an ASCII text file
######################################################################################
HOST:~ tester$ cat -vte /tmp/jelly.out 
^[[0mUnseal Key 1: blah=^[[0m^M$
^[[0m^[[0m^M$
^[[0mInitial Root Token: s.FOO^[[0m^M$
^[[0m^[[0m^M$
^[[0mVault initialized with 1 key shares and a key threshold of 1. Please securely^M$
distribute the key shares printed above. When the Vault is re-sealed,^M$
restarted, or stopped, you must supply at least 1 of these keys to unseal it^M$
before it can start servicing requests.^[[0m^M$
^[[0m^[[0m^M$
^[[0mVault does not store the generated master key. Without at least 1 key to^M$
reconstruct the master key, Vault will remain permanently sealed!^[[0m^M$
^[[0m^[[0m^M$
^[[0mIt is possible to generate new unseal keys, provided you have a quorum of^M$
existing unseal keys shares. See "vault operator rekey" for more information.^[[0m^M$

如果这些操作（以下）是手动完成的，则它们完全可以工作；例如：（减去单引号）

kubectl exec -t vault-0 -- vault operator unseal blah=

一些诊断步骤：

• 创建了一个新用户来执行脚本；用户具有默认的环境变量。
• 已安装/升级的iTerm2可以尝试除终端机之外的其他操作
• 对于新的用户/终端仍然获得相同的结果。
• 编写具有类似操作的另一个脚本（将bash扩展分配给变量）

# similar script
$ cat /tmp/yo.sh
#!/usr/bin/env bash
set -x

yoOut='/tmp/yo.out'

yeOut="$(grep ye $yoOut | cut -d' ' -f4)"

echo "$yeOut"

# data file
$ cat /tmp/yo.out
ya
ye1 ye2 ye3 ye4
yi
yo
yu

# set -x output looks normal
$ /tmp/yo.sh
+ yoOut=/tmp/yo.out
++ grep ye /tmp/yo.out
++ cut '-d ' -f4
+ yeOut=ye4
+ echo ye4
ye4

这是我们期望输出看起来的样子。

[请帮助，这个问题使我发疯。