diff --git a/.github/workflows/tests/test_ci.sh b/.github/workflows/tests/test_ci.sh
index aaad26820b..72e5a98565 100644
--- a/.github/workflows/tests/test_ci.sh
+++ b/.github/workflows/tests/test_ci.sh
@@ -7,7 +7,7 @@ set -e
 ########################################
 
 # TODO read personal access token
-# read -p
+# read -erp
 # GITHUB_TOKEN=input
 # Feed to act using -s flag: -s GITHUB_TOKEN=input_personal_access_token
 
diff --git a/nginx/container-entrypoint.sh b/nginx/container-entrypoint.sh
index 6bda9b35f4..40e3ebedbe 100644
--- a/nginx/container-entrypoint.sh
+++ b/nginx/container-entrypoint.sh
@@ -27,8 +27,8 @@ done
 
 # Check if the timeout was reached
 if [ $timeout -eq 0 ]; then
-  echo "NGINX did not start within the timeout."
-  exit 1
+    echo "NGINX did not start within the timeout."
+    exit 1
 fi
 
 # Check if FMTM_DOMAIN is set
@@ -63,7 +63,7 @@ if [ -n "${FMTM_S3_DOMAIN}" ]; then
 fi
 
 # Run certbot with the constructed arguments
-echo "Running command: certbot --non-interactive certonly ${certbot_args[@]}"
+echo "Running command: certbot --non-interactive certonly ${certbot_args[*]}"
 certbot --non-interactive certonly "${certbot_args[@]}"
 echo "Certificate generated under: /etc/letsencrypt/live/${FMTM_DOMAIN}/"
 
diff --git a/scripts/gen-env.sh b/scripts/gen-env.sh
index 4f7374df45..1fbc35b874 100644
--- a/scripts/gen-env.sh
+++ b/scripts/gen-env.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-DOTENV_PATH=.env
+DOTENV_NAME=.env
 IS_TEST=false
 BRANCH_NAME=
 
@@ -41,7 +41,7 @@ install_envsubst_if_missing() {
     else
         echo "Downloading a8m/envsubst"
         echo
-        curl -L https://github.com/a8m/envsubst/releases/download/v1.2.0/envsubst-`uname -s`-`uname -m` -o envsubst
+        curl -L "https://github.com/a8m/envsubst/releases/download/v1.2.0/envsubst-$(uname -s)-$(uname -m)" -o envsubst
         chmod +x envsubst
     fi
 }
@@ -51,12 +51,10 @@ check_if_test() {
 
     echo "Is this a test deployment?"
     echo
-    while true
-    do
-        read -e -p "Enter 'y' if yes, anything else to continue: " test
+    while true; do
+        read -erp "Enter 'y' if yes, anything else to continue: " test
 
-        if [[ "$test" = "y" || "$test" = "yes" ]]
-        then
+        if [[ "$test" = "y" || "$test" = "yes" ]]; then
             IS_TEST=true
             export DEBUG=True
             export LOG_LEVEL="DEBUG"
@@ -72,48 +70,18 @@ check_if_test() {
 }
 
 check_existing_dotenv() {
-    if [ -f "${DOTENV_PATH}" ]
-    then
-        echo "WARNING: ${DOTENV_PATH} file already exists."
-        echo "This script will overwrite the content of this file."
-        echo
-        echo "Do you want to overwrite "${DOTENV_PATH}"? y/n"
-        until [ "$overwrite" = "y" -o "$overwrite" = "n" ]
-        do
-            read -e -p "Enter 'y' to overwrite, anything else to continue: " overwrite
-
-            if [ "$overwrite" = "y" ]
-            then
-                return 1
-            elif [ "$overwrite" = "n" ]
-            then
-                echo "Continuing with existing .env file."
-                return 0
-            else 
-                echo "Invalid input!"
-            fi
-        done
-    fi
-
-    return 1
-}
-
-check_existing_dotenv() {
-    if [ -f "${DOTENV_PATH}" ]
-    then
-        echo "WARNING: ${DOTENV_PATH} file already exists."
+    if [ -f "${DOTENV_NAME}" ]; then
+        echo "WARNING: ${DOTENV_NAME} file already exists."
         echo "This script will overwrite the content of this file."
         echo
-        echo "Do you want to overwrite file '"${DOTENV_PATH}"'? y/n"
+        printf "Do you want to overwrite file \'%s\'? y/n" "${DOTENV_NAME}"
         echo
-        while true
-        do
-            read -e -p "Enter 'y' to overwrite, anything else to continue: " overwrite
+        while true; do
+            read -erp "Enter 'y' to overwrite, anything else to continue: " overwrite
 
-            if [[ "$overwrite" = "y" || "$overwrite" = "yes" ]]
-            then
+            if [[ "$overwrite" = "y" || "$overwrite" = "yes" ]]; then
                 return 1
-            else 
+            else
                 echo "Continuing with existing .env file."
                 return 0
             fi
@@ -126,8 +94,7 @@ check_existing_dotenv() {
 set_deploy_env() {
     pretty_echo "Deployment Environment"
 
-    while true
-    do
+    while true; do
         echo "Which environment do you wish to run? (dev/staging/prod)"
         echo
         echo "Both dev & staging include ODK Central and S3 buckets."
@@ -136,7 +103,7 @@ set_deploy_env() {
         echo "- ODK Central"
         echo "- S3 Buckets"
         echo
-        read -e -p "Enter the environment (dev/staging/prod): " environment
+        read -erp "Enter the environment (dev/staging/prod): " environment
 
         case "$environment" in
             dev)
@@ -154,7 +121,7 @@ set_deploy_env() {
             *)
                 echo "Invalid environment name. Please enter dev, staging, or prod."
                 ;;
-        esac    
+        esac
     done
 }
 
@@ -162,7 +129,7 @@ set_external_odk() {
     pretty_echo "External ODK Central Host"
 
     echo "Please enter the ODKCentral URL."
-    read -e -p "ODKCentral URL: " ODK_CENTRAL_URL
+    read -erp "ODKCentral URL: " ODK_CENTRAL_URL
     echo
     export ODK_CENTRAL_URL=${ODK_CENTRAL_URL}
 
@@ -183,7 +150,7 @@ set_odk_user_creds() {
     pretty_echo "ODK User Credentials"
 
     echo "Please enter the ODKCentral Email."
-    read -e -p "ODKCentral Email: " ODK_CENTRAL_USER
+    read -erp "ODKCentral Email: " ODK_CENTRAL_USER
     echo
     export ODK_CENTRAL_USER=${ODK_CENTRAL_USER}
 
@@ -192,7 +159,7 @@ set_odk_user_creds() {
         echo
         echo "Note: this must be >10 characters long."
         echo
-        read -e -p "ODKCentral Password: " ODK_CENTRAL_PASSWD
+        read -erp "ODKCentral Password: " ODK_CENTRAL_PASSWD
         echo
 
         # Check the length of the entered password
@@ -211,38 +178,35 @@ check_external_database() {
     pretty_echo "External Database"
 
     echo "Do you want to use an external database instead of local?"
-    while true
-    do
-        read -e -p "Enter y for external, anything else to continue: " externaldb
+    while true; do
+        read -erp "Enter y for external, anything else to continue: " externaldb
 
-        if [ "$externaldb" = "y" ]
-        then
+        if [ "$externaldb" = "y" ]; then
             EXTERNAL_DB="True"
             echo "Using external database."
         fi
         break
     done
 
-    if [ "$EXTERNAL_DB" = "True" ]
-    then
+    if [ "$EXTERNAL_DB" = "True" ]; then
         echo
         echo "Please enter the database host."
-        read -e -p "FMTM DB Host: " FMTM_DB_HOST
+        read -erp "FMTM DB Host: " FMTM_DB_HOST
         echo
         export FMTM_DB_HOST=${FMTM_DB_HOST}
 
         echo "Please enter the database name."
-        read -e -p "FMTM DB Name: " FMTM_DB_NAME
+        read -erp "FMTM DB Name: " FMTM_DB_NAME
         echo
         export FMTM_DB_NAME=${FMTM_DB_NAME}
 
         echo "Please enter the database user."
-        read -e -p "FMTM DB User: " FMTM_DB_USER
+        read -erp "FMTM DB User: " FMTM_DB_USER
         echo
         export FMTM_DB_USER=${FMTM_DB_USER}
 
         echo "Please enter the database password."
-        read -e -p "FMTM DB Password: " FMTM_DB_PASSWORD
+        read -erp "FMTM DB Password: " FMTM_DB_PASSWORD
         echo
         export FMTM_DB_PASSWORD=${FMTM_DB_PASSWORD}
 
@@ -255,17 +219,17 @@ set_external_s3() {
     pretty_echo "S3 Credentials"
 
     echo "Please enter the S3 host endpoint."
-    read -e -p "S3 Endpoint: " S3_ENDPOINT
+    read -erp "S3 Endpoint: " S3_ENDPOINT
     echo
     export S3_ENDPOINT=${S3_ENDPOINT}
 
     echo "Please enter the access key."
-    read -e -p "S3 Access Key: " S3_ACCESS_KEY
+    read -erp "S3 Access Key: " S3_ACCESS_KEY
     echo
     export S3_ACCESS_KEY=${S3_ACCESS_KEY}
 
     echo "Please enter the secret key."
-    read -e -p "S3 Secret Key: " S3_SECRET_KEY
+    read -erp "S3 Secret Key: " S3_SECRET_KEY
     echo
     export S3_SECRET_KEY=${S3_SECRET_KEY}
 
@@ -275,7 +239,7 @@ set_external_s3() {
         echo "The bucket should be public."
         echo
         echo "Please enter the bucket name."
-        read -e -p "S3 Bucket Name: " S3_BUCKET_NAME
+        read -erp "S3 Bucket Name: " S3_BUCKET_NAME
         echo
         export S3_BUCKET_NAME=${S3_BUCKET_NAME}
     fi
@@ -293,12 +257,10 @@ set_domains() {
     pretty_echo "FMTM Domain Name"
 
     echo "To run FMTM you must own a domain name."
-    while true
-    do
-        read -e -p "Enter a valid domain name you wish to run FMTM from: " fmtm_domain
+    while true; do
+        read -erp "Enter a valid domain name you wish to run FMTM from: " fmtm_domain
 
-        if [ "$fmtm_domain" = "" ]
-        then
+        if [ "$fmtm_domain" = "" ]; then
             echo "Invalid input!"
         else
             export FMTM_DOMAIN="${fmtm_domain}"
@@ -317,26 +279,23 @@ set_domains() {
     echo "$fmtm_domain --> $current_ip"
     echo "api.$fmtm_domain --> $current_ip"
 
-    if [ "$BRANCH_NAME" != "main" ]
-    then
+    if [ "$BRANCH_NAME" != "main" ]; then
         echo "s3.$fmtm_domain --> $current_ip"
         echo "odk.$fmtm_domain --> $current_ip"
     fi
 
     echo
-    read -e -p "Once these DNS entries are set and valid, press ENTER to continue." valid
+    read -erp "Once these DNS entries are set and valid, press ENTER to continue."
 
     pretty_echo "Certificates"
     echo "FMTM will automatically generate SSL (HTTPS) certificates for your domain name."
-    while true
-    do
+    while true; do
         echo "Enter an email address you wish to use for certificate generation."
-        read -e -p "This will be used by LetsEncrypt, but for no other purpose: " cert_email
+        read -erp "This will be used by LetsEncrypt, but for no other purpose: " cert_email
 
-        if [ "$cert_email" = "" ]
-        then
+        if [ "$cert_email" = "" ]; then
             echo "Invalid input!"
-        else 
+        else
             export CERT_EMAIL="${cert_email}"
             break
         fi
@@ -359,9 +318,9 @@ set_osm_credentials() {
 
     echo "Please enter your OSM authentication details"
     echo
-    read -e -p "Client ID: " OSM_CLIENT_ID
+    read -erp "Client ID: " OSM_CLIENT_ID
     echo
-    read -e -p "Client Secret: " OSM_CLIENT_SECRET
+    read -erp "Client Secret: " OSM_CLIENT_SECRET
 
     export OSM_CLIENT_ID=${OSM_CLIENT_ID}
     export OSM_CLIENT_SECRET=${OSM_CLIENT_SECRET}
@@ -373,7 +332,7 @@ check_change_port() {
     pretty_echo "Set Default Port"
     echo "The default port for local development is 7050."
     echo
-    read -e -p "Enter a different port if required, or nothing for default: " fmtm_port
+    read -erp "Enter a different port if required, or nothing for default: " fmtm_port
 
     if [ -n "$fmtm_port" ]; then
         echo "Using $fmtm_port"
@@ -389,15 +348,15 @@ generate_dotenv() {
     if [ -f ./.env.example ]; then
         echo ".env.example already exists. Continuing."
 
-        echo "substituting variables from .env.example --> ${DOTENV_PATH}"
-        ./envsubst < .env.example > ${DOTENV_PATH}
+        echo "substituting variables from .env.example --> ${DOTENV_NAME}"
+        ./envsubst < .env.example > ${DOTENV_NAME}
     else
         echo "Downloading .env.example from repo."
         echo
         curl -LO "https://raw.githubusercontent.com/hotosm/fmtm/${BRANCH_NAME:-development}/.env.example"
 
-        echo "substituting variables from .env.example --> ${DOTENV_PATH}"
-        ./envsubst < .env.example > ${DOTENV_PATH}
+        echo "substituting variables from .env.example --> ${DOTENV_NAME}"
+        ./envsubst < .env.example > ${DOTENV_NAME}
 
         echo "Deleting .env.example"
         rm .env.example
@@ -413,8 +372,7 @@ prompt_user_gen_dotenv() {
     if [ $IS_TEST != true ]; then
         set_deploy_env
 
-        if [ "$BRANCH_NAME" == "main" ]
-        then
+        if [ "$BRANCH_NAME" == "main" ]; then
             set_external_odk
             check_external_database
             set_external_s3
diff --git a/scripts/renew-certs-manual.sh b/scripts/renew-certs-manual.sh
index 0b380c670c..6bf6195378 100644
--- a/scripts/renew-certs-manual.sh
+++ b/scripts/renew-certs-manual.sh
@@ -12,7 +12,7 @@ cleanup_and_exit() {
 trap cleanup_and_exit INT
 
 # Prompt the user for input and set the BRANCH_NAME variable
-read -p "Enter the environment (dev/staging/prod): " ENVIRONMENT
+read -erp "Enter the environment (dev/staging/prod): " ENVIRONMENT
 
 case "$ENVIRONMENT" in
     dev)
diff --git a/scripts/setup/docker.sh b/scripts/setup/docker.sh
index d95afb7cac..0def7651b8 100644
--- a/scripts/setup/docker.sh
+++ b/scripts/setup/docker.sh
@@ -169,7 +169,7 @@ EOF
 add_vars_to_bashrc() {
     # DOCKER_HOST must be added to the top of bashrc, as running non-interactively
     # Most distros exit .bashrc execution is non-interactive
-    
+
     heading_echo "Adding rootless DOCKER_HOST to bashrc"
 
     user_id=$(id -u)
@@ -221,6 +221,6 @@ install_docker() {
     add_vars_to_bashrc
 }
 
-check_user_not_root
+check_user_not_root "$@"
 trap cleanup_and_exit INT
 install_docker
diff --git a/scripts/setup/podman.sh b/scripts/setup/podman.sh
index 3bf6b79d44..f4e3960fd8 100644
--- a/scripts/setup/podman.sh
+++ b/scripts/setup/podman.sh
@@ -27,7 +27,6 @@ check_os() {
         source /etc/os-release
         case "$ID" in
         debian)
-            IS_DEBIAN=true
             echo "Current OS is ${PRETTY_NAME}."
             ;;
         ubuntu)
diff --git a/src/backend/app-entrypoint.sh b/src/backend/app-entrypoint.sh
index 2080c57e46..be05ecb68d 100644
--- a/src/backend/app-entrypoint.sh
+++ b/src/backend/app-entrypoint.sh
@@ -7,7 +7,7 @@ wait_for_db() {
     retry_interval=5
 
     for ((i = 0; i < max_retries; i++)); do
-        if </dev/tcp/${FMTM_DB_HOST:-fmtm-db}/5432; then
+        if </dev/tcp/"${FMTM_DB_HOST:-fmtm-db}"/5432; then
             echo "Database is available."
             return 0  # Database is available, exit successfully
         fi
@@ -24,7 +24,7 @@ wait_for_s3() {
     retry_interval=5
 
     for ((i = 0; i < max_retries; i++)); do
-        if curl --silent -I ${S3_ENDPOINT:-http://s3:9000} >/dev/null; then
+        if curl --silent -I "${S3_ENDPOINT:-http://s3:9000}" >/dev/null; then
             echo "S3 is available."
             return 0  # S3 is available, exit successfully
         fi
diff --git a/src/backend/backup-entrypoint.sh b/src/backend/backup-entrypoint.sh
index 6275b2bdda..1bbd5862a5 100644
--- a/src/backend/backup-entrypoint.sh
+++ b/src/backend/backup-entrypoint.sh
@@ -64,7 +64,7 @@ wait_for_db() {
     local retry_interval=5
 
     for ((i = 0; i < max_retries; i++)); do
-        if </dev/tcp/${db_host}/5432; then
+        if </dev/tcp/"${db_host}"/5432; then
             echo "Database is available."
             return 0  # Database is available, exit successfully
         fi
@@ -81,7 +81,8 @@ backup_db() {
     local db_user="$2"
     local db_name="$3"
     local db_password="$4"
-    local db_backup_file="$HOME/${db_name}_$(date +'%Y%m%d%H%M%S').dump"
+    local db_backup_file
+    db_backup_file="$HOME/${db_name}_$(date +'%Y%m%d%H%M%S').dump"
 
     echo "Running VACUUM ANALYZE on the database."
     PGPASSWORD="$db_password" psql --host "$db_host" \
@@ -99,7 +100,7 @@ backup_db() {
 
     BUCKET_NAME="fmtm-db-backups"
     echo "Uploading to S3 bucket ${BUCKET_NAME}"
-    mc alias set s3 $S3_ENDPOINT $S3_ACCESS_KEY $S3_SECRET_KEY
+    mc alias set s3 "$S3_ENDPOINT" "$S3_ACCESS_KEY" "$S3_SECRET_KEY"
     mc mb "s3/${BUCKET_NAME}" --ignore-existing
     mc anonymous set download "s3/${BUCKET_NAME}"
     mc cp "${db_backup_file}" "s3/${BUCKET_NAME}/${db_name}/"
@@ -118,18 +119,18 @@ sleep 600
 while true; do
     pretty_echo "### Backup FMTM $(date +%Y-%m-%d_%H:%M:%S) ###"
     check_fmtm_db_vars_present
-    wait_for_db ${FMTM_DB_HOST:-"fmtm-db"}
-    backup_db ${FMTM_DB_HOST:-"fmtm-db"} ${FMTM_DB_USER:-"fmtm"} \
-        ${FMTM_DB_NAME:-"fmtm"} ${FMTM_DB_PASSWORD}
+    wait_for_db "${FMTM_DB_HOST:-fmtm-db}"
+    backup_db "${FMTM_DB_HOST:-fmtm-db}" "${FMTM_DB_USER:-fmtm}" \
+        "${FMTM_DB_NAME:-fmtm}" "${FMTM_DB_PASSWORD}"
     pretty_echo "### Backup FMTM Complete ###"
 
     # Only run ODK Central DB Backups if variables set
     if [ -n "${CENTRAL_DB_HOST}" ]; then
         pretty_echo "### Backup ODK Central $(date +%Y-%m-%d_%H:%M:%S) ###"
         check_central_db_vars_present
-        wait_for_db ${CENTRAL_DB_HOST:-"central-db"}
-        backup_db ${CENTRAL_DB_HOST:-"central-db"} ${CENTRAL_DB_USER:-"odk"} \
-            ${CENTRAL_DB_NAME:-"odk"} ${CENTRAL_DB_PASSWORD}
+        wait_for_db "${CENTRAL_DB_HOST:-central-db}"
+        backup_db "${CENTRAL_DB_HOST:-central-db}" "${CENTRAL_DB_USER:-odk}" \
+            "${CENTRAL_DB_NAME:-odk}" "${CENTRAL_DB_PASSWORD}"
         pretty_echo "### Backup ODK Central Complete ###"
     fi
 
diff --git a/src/backend/migrate-entrypoint.sh b/src/backend/migrate-entrypoint.sh
index 366f8c703d..f7cee00b89 100644
--- a/src/backend/migrate-entrypoint.sh
+++ b/src/backend/migrate-entrypoint.sh
@@ -44,7 +44,7 @@ wait_for_db() {
     retry_interval=5
 
     for ((i = 0; i < max_retries; i++)); do
-        if </dev/tcp/${FMTM_DB_HOST:-fmtm-db}/5432; then
+        if </dev/tcp/"${FMTM_DB_HOST:-fmtm-db}"/5432; then
             echo "Database is available."
             return 0  # Database is available, exit successfully
         fi
@@ -133,10 +133,10 @@ backup_db() {
 
     BUCKET_NAME="fmtm-db-backups"
     echo "Uploading to S3 bucket ${BUCKET_NAME}"
-    mc alias set s3 $S3_ENDPOINT $S3_ACCESS_KEY $S3_SECRET_KEY
+    mc alias set s3 "$S3_ENDPOINT" "$S3_ACCESS_KEY" "$S3_SECRET_KEY"
     mc mb "s3/${BUCKET_NAME}" --ignore-existing
     mc anonymous set download "s3/${BUCKET_NAME}"
-    mc cp "${db_backup_file}" s3/${BUCKET_NAME}/pre-migrate/
+    mc cp "${db_backup_file}" "s3/${BUCKET_NAME}/pre-migrate/"
 
     pretty_echo "Backup complete: $db_backup_file to bucket ${BUCKET_NAME}/pre-migrate/"
 }
diff --git a/src/frontend/public/install.sh b/src/frontend/public/install.sh
index 671383de11..32f81a9f37 100644
--- a/src/frontend/public/install.sh
+++ b/src/frontend/public/install.sh
@@ -20,7 +20,8 @@ heading_echo() {
     local color="${2:-blue}"
     local separator="--------------------------------------------------------"
     local sep_length=${#separator}
-    local pad_length=$(( (sep_length - ${#message}) / 2 ))
+    local pad_length
+    pad_length=$(( (sep_length - ${#message}) / 2 ))
     local pad=""
 
     case "$color" in
@@ -59,7 +60,7 @@ install_progress() {
     local spin[2]="|"
     local spin[3]="/"
 
-    while [ "$(ps a | awk '{print $1}' | grep $pid)" ]; do
+    while [ "$(ps a | awk '{print $1}' | grep "$pid")" ]; do
         local temp=${spin[0]}
         spin[0]=${spin[1]}
         spin[1]=${spin[2]}
@@ -72,7 +73,7 @@ install_progress() {
 }
 
 display_logo() {
-    echo 
+    echo
     echo " ███████████ ██████   ██████ ███████████ ██████   ██████"
     echo "░░███░░░░░░█░░██████ ██████ ░█░░░███░░░█░░██████ ██████ "
     echo " ░███   █ ░  ░███░█████░███ ░   ░███  ░  ░███░█████░███ "
@@ -142,13 +143,13 @@ check_user_not_root() {
 
             machinectl --quiet shell \
                 --setenv=RUN_AS_ROOT=true \
-                --setenv=DOCKER_HOST=${DOCKER_HOST} \
+                --setenv=DOCKER_HOST="${DOCKER_HOST}" \
                 svcfmtm@ /bin/bash -c "$user_script_path"
         else
             # User called script remotely, so do the same
             machinectl --quiet shell \
                 --setenv=RUN_AS_ROOT=true \
-                --setenv=DOCKER_HOST=${DOCKER_HOST} \
+                --setenv=DOCKER_HOST="${DOCKER_HOST}" \
                 svcfmtm@ /bin/bash -c "curl -fsSL https://get.fmtm.dev | bash"
         fi
 
@@ -357,7 +358,8 @@ add_vars_to_bashrc() {
     fi
 
     echo "Setting DOCKER_HOST for the current session."
-    export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock
+    DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock
+    export DOCKER_HOST
 
     echo
     echo "Done"
@@ -414,27 +416,24 @@ install_envsubst_if_missing() {
     else
         echo "Downloading a8m/envsubst"
         echo
-        curl -L https://github.com/a8m/envsubst/releases/download/v1.2.0/envsubst-`uname -s`-`uname -m` -o envsubst
+        curl -L "https://github.com/a8m/envsubst/releases/download/v1.2.0/envsubst-$(uname -s)-$(uname -m)" -o envsubst
         chmod +x envsubst
     fi
 }
 
 check_existing_dotenv() {
-    if [ -f "${DOTENV_NAME}" ]
-    then
+    if [ -f "${DOTENV_NAME}" ]; then
         echo "WARNING: ${DOTENV_NAME} file already exists."
         echo "This script will overwrite the content of this file."
         echo
-        echo "Do you want to overwrite file '"${DOTENV_NAME}"'? y/n"
+        printf "Do you want to overwrite file \'%s\'? y/n" "${DOTENV_NAME}"
         echo
-        while true
-        do
-            read -e -p "Enter 'y' to overwrite, anything else to continue: " overwrite
+        while true; do
+            read -erp "Enter 'y' to overwrite, anything else to continue: " overwrite
 
-            if [[ "$overwrite" = "y" || "$overwrite" = "yes" ]]
-            then
+            if [[ "$overwrite" = "y" || "$overwrite" = "yes" ]]; then
                 return 1
-            else 
+            else
                 echo "Continuing with existing .env file."
                 return 0
             fi
@@ -449,12 +448,10 @@ check_if_test() {
 
     echo "Is this a test deployment?"
     echo
-    while true
-    do
-        read -e -p "Enter 'y' if yes, anything else to continue: " test
+    while true; do
+        read -erp "Enter 'y' if yes, anything else to continue: " test
 
-        if [[ "$test" = "y" || "$test" = "yes" ]]
-        then
+        if [[ "$test" = "y" || "$test" = "yes" ]]; then
             IS_TEST=true
             export DEBUG="True"
             export LOG_LEVEL="DEBUG"
@@ -484,7 +481,7 @@ get_repo() {
 
     # Files in a random temp dir
     mkdir -p "/tmp/${RANDOM_DIR}"
-    cd "/tmp/${RANDOM_DIR}"
+    cd "/tmp/${RANDOM_DIR}" || exit 1
 
     repo_url="https://github.com/hotosm/fmtm.git"
 
@@ -516,8 +513,7 @@ get_repo() {
 set_deploy_env() {
     heading_echo "Deployment Environment"
 
-    while true
-    do
+    while true; do
         echo "Which environment do you wish to run? (dev/staging/prod)"
         echo
         echo "Both dev & staging include ODK Central and S3 buckets."
@@ -526,7 +522,7 @@ set_deploy_env() {
         echo "- ODK Central"
         echo "- S3 Buckets"
         echo
-        read -e -p "Enter the environment (dev/staging/prod): " environment
+        read -erp "Enter the environment (dev/staging/prod): " environment
 
         case "$environment" in
             dev)
@@ -554,7 +550,7 @@ set_external_odk() {
     heading_echo "External ODK Central Host"
 
     echo "Please enter the ODKCentral URL."
-    read -e -p "ODKCentral URL: " ODK_CENTRAL_URL
+    read -erp "ODKCentral URL: " ODK_CENTRAL_URL
     echo
     export ODK_CENTRAL_URL=${ODK_CENTRAL_URL}
 
@@ -575,7 +571,7 @@ set_odk_user_creds() {
     heading_echo "ODK User Credentials"
 
     echo "Please enter the ODKCentral Email."
-    read -e -p "ODKCentral Email: " ODK_CENTRAL_USER
+    read -erp "ODKCentral Email: " ODK_CENTRAL_USER
     echo
     export ODK_CENTRAL_USER=${ODK_CENTRAL_USER}
 
@@ -584,7 +580,7 @@ set_odk_user_creds() {
     yellow_echo "Note: this must be >10 characters long."
     while true; do
         echo
-        read -e -p "ODKCentral Password: " ODK_CENTRAL_PASSWD
+        read -erp "ODKCentral Password: " ODK_CENTRAL_PASSWD
         echo
 
         # Check the length of the entered password
@@ -602,38 +598,35 @@ check_external_database() {
 
     echo "Do you want to use an external database instead of local?"
     echo
-    while true
-    do
-        read -e -p "Enter y for external, anything else to continue: " externaldb
+    while true; do
+        read -erp "Enter y for external, anything else to continue: " externaldb
 
-        if [ "$externaldb" = "y" ]
-        then
+        if [ "$externaldb" = "y" ]; then
             EXTERNAL_DB="True"
             echo "Using external database."
         fi
         break
     done
 
-    if [ "$EXTERNAL_DB" = "True" ]
-    then
+    if [ "$EXTERNAL_DB" = "True" ]; then
         echo
         echo "Please enter the database host."
-        read -e -p "FMTM DB Host: " FMTM_DB_HOST
+        read -erp "FMTM DB Host: " FMTM_DB_HOST
         echo
         export FMTM_DB_HOST=${FMTM_DB_HOST}
 
         echo "Please enter the database name."
-        read -e -p "FMTM DB Name: " FMTM_DB_NAME
+        read -erp "FMTM DB Name: " FMTM_DB_NAME
         echo
         export FMTM_DB_NAME=${FMTM_DB_NAME}
 
         echo "Please enter the database user."
-        read -e -p "FMTM DB User: " FMTM_DB_USER
+        read -erp "FMTM DB User: " FMTM_DB_USER
         echo
         export FMTM_DB_USER=${FMTM_DB_USER}
 
         echo "Please enter the database password."
-        read -e -p "FMTM DB Password: " FMTM_DB_PASSWORD
+        read -erp "FMTM DB Password: " FMTM_DB_PASSWORD
         echo
         export FMTM_DB_PASSWORD=${FMTM_DB_PASSWORD}
 
@@ -646,17 +639,17 @@ set_external_s3() {
     heading_echo "S3 Credentials"
 
     echo "Please enter the S3 host endpoint."
-    read -e -p "S3 Endpoint: " S3_ENDPOINT
+    read -erp "S3 Endpoint: " S3_ENDPOINT
     echo
     export S3_ENDPOINT=${S3_ENDPOINT}
 
     echo "Please enter the access key."
-    read -e -p "S3 Access Key: " S3_ACCESS_KEY
+    read -erp "S3 Access Key: " S3_ACCESS_KEY
     echo
     export S3_ACCESS_KEY=${S3_ACCESS_KEY}
 
     echo "Please enter the secret key."
-    read -e -p "S3 Secret Key: " S3_SECRET_KEY
+    read -erp "S3 Secret Key: " S3_SECRET_KEY
     echo
     export S3_SECRET_KEY=${S3_SECRET_KEY}
 
@@ -666,7 +659,7 @@ set_external_s3() {
         yellow_echo "The bucket should be public."
         echo
         echo "Please enter the bucket name."
-        read -e -p "S3 Bucket Name: " S3_BUCKET_NAME
+        read -erp "S3 Bucket Name: " S3_BUCKET_NAME
         echo
         export S3_BUCKET_NAME=${S3_BUCKET_NAME}
     fi
@@ -684,12 +677,10 @@ set_domains() {
     heading_echo "FMTM Domain Name"
 
     echo "To run FMTM you must own a domain name."
-    while true
-    do
-        read -e -p "Enter a valid domain name you wish to run FMTM from: " fmtm_domain
+    while true; do
+        read -erp "Enter a valid domain name you wish to run FMTM from: " fmtm_domain
 
-        if [ "$fmtm_domain" = "" ]
-        then
+        if [ "$fmtm_domain" = "" ]; then
             echo "Invalid input!"
         else
             export FMTM_DOMAIN="${fmtm_domain}"
@@ -708,27 +699,24 @@ set_domains() {
     yellow_echo "$fmtm_domain --> $current_ip"
     yellow_echo "api.$fmtm_domain --> $current_ip"
 
-    if [ "$BRANCH_NAME" != "main" ]
-    then
+    if [ "$BRANCH_NAME" != "main" ]; then
         yellow_echo "s3.$fmtm_domain --> $current_ip"
         yellow_echo "odk.$fmtm_domain --> $current_ip"
     fi
 
     echo
-    read -e -p "Once these DNS entries are set and valid, press ENTER to continue." valid
+    read -erp "Once these DNS entries are set and valid, press ENTER to continue."
 
     heading_echo "Certificates"
     echo "FMTM will automatically generate SSL (HTTPS) certificates for your domain name."
     echo
-    while true
-    do
+    while true; do
         echo "Enter an email address you wish to use for certificate generation."
         echo "This will be used by LetsEncrypt, but for no other purpose."
         echo
-        read -e -p "Email: " cert_email
+        read -erp "Email: " cert_email
 
-        if [ "$cert_email" = "" ]
-        then
+        if [ "$cert_email" = "" ]; then
             echo "Invalid input!"
         else
             export CERT_EMAIL="${cert_email}"
@@ -753,9 +741,9 @@ set_osm_credentials() {
 
     echo "Please enter your OSM authentication details"
     echo
-    read -e -p "Client ID: " OSM_CLIENT_ID
+    read -erp "Client ID: " OSM_CLIENT_ID
     echo
-    read -e -p "Client Secret: " OSM_CLIENT_SECRET
+    read -erp "Client Secret: " OSM_CLIENT_SECRET
 
     export OSM_CLIENT_ID=${OSM_CLIENT_ID}
     export OSM_CLIENT_SECRET=${OSM_CLIENT_SECRET}
@@ -767,7 +755,7 @@ check_change_port() {
     heading_echo "Set Default Port"
     echo "The default port for local development is 7050."
     echo
-    read -e -p "Enter a different port if required, or nothing for default: " fmtm_port
+    read -erp "Enter a different port if required, or nothing for default: " fmtm_port
 
     if [ -n "$fmtm_port" ]; then
         echo "Using $fmtm_port"
@@ -849,7 +837,8 @@ prompt_user_gen_dotenv() {
 run_compose_stack() {
     # Workaround if DOCKER_HOST is missed (i.e. docker just installed)
     if [ -z "$DOCKER_HOST" ]; then
-        export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock
+        DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock
+        export DOCKER_HOST
     fi
 
     heading_echo "Pulling Required Images"
@@ -914,7 +903,7 @@ install_fmtm() {
     get_repo
     # Work in generated temp dir
     local repo_dir="/tmp/${RANDOM_DIR}/fmtm"
-    cd "${repo_dir}"
+    cd "${repo_dir}" || exit 1
 
     if [ -f "${repo_dir}/${DOTENV_NAME}" ]; then
         heading_echo "Skip Dotenv Generation"
@@ -922,7 +911,7 @@ install_fmtm() {
     else
         prompt_user_gen_dotenv
     fi
-    
+
     run_compose_stack
     final_output
 
@@ -935,7 +924,6 @@ install_fmtm() {
     if [[ "$IS_TEST" != true ]]; then
         rm -rf "/tmp/${RANDOM_DIR:-tmp}"
     fi
-
 }
 
 install_fmtm