No matter what you store in a file, make sure the file with the secrets is properly set to be read only by the effective user (i.e., chmod 600). Another thing to note is that setting an environmental variable explicitly in the parent process using the information in this file will allow child processes to extract the password without require the child to re-read the file or have to pass it via commandline argument (which will show your password in the process list).