diff --git a/clanModules/user-password/default.nix b/clanModules/user-password/default.nix
index 74c5bdf5..6fd650ff 100644
--- a/clanModules/user-password/default.nix
+++ b/clanModules/user-password/default.nix
@@ -38,9 +38,9 @@
       ];
       generator.script = ''
         if [[ -n $prompt_value ]]; then
-          echo $prompt_value > $secrets/user-password
+          echo $prompt_value | tr -d '\n' > $secrets/user-password
         else
-          xkcdpass --numwords 3 --delimiter - --count 1 > $secrets/user-password
+          xkcdpass --numwords 3 --delimiter - --count 1 | tr -d '\n' > $secrets/user-password
         fi
         cat $secrets/user-password | mkpasswd -s -m sha-512 > $secrets/user-password-hash
       '';
diff --git a/pkgs/clan-cli/tests/test_secrets_generate.py b/pkgs/clan-cli/tests/test_secrets_generate.py
index a67db702..55ae9c94 100644
--- a/pkgs/clan-cli/tests/test_secrets_generate.py
+++ b/pkgs/clan-cli/tests/test_secrets_generate.py
@@ -93,9 +93,11 @@ def test_generate_secret(
     assert is_valid_ssh_key(ssh_secret, ssh_pub)
 
     pwd_secret = decrypt_secret(test_flake_with_core.path, "vm1-password")
+    # remove last newline
+    pwd_secret = pwd_secret[:-1]
     assert pwd_secret.isprintable()
     assert pwd_secret.isascii()
-    assert not pwd_secret.endswith("\n")
+
 
     # test idempotency for vm1 and also generate for vm2
     cli.run(["facts", "generate", "--flake", str(test_flake_with_core.path)])