To reinforce this sentiment, I found it a very good pattern to read passwords from the environment or pass them via the command line. In both approaches, the password is still discoverable to other users on the machine and maybe stored in the .history file of the account, but it is harder to accidentially leak the password to a wider audience.