Supplying database password via file?

[oerp-odoo]

I see that with marabunta there are two ways to supply password. Either directly on command line or via environment variable. Direct password does not feel secure. Where environment variable is more secure, but it could still be accidentally leaked via some logs etc. So I would better not pass raw password value with that either.

What do you think about third option, to pass password as a file which is then read by marabunta. This way password would not be supplied directly.

I like the way postgres docker implemented this (https://github.com/docker-library/postgres/blob/dd84d6fccbab39bb67fb8f80b9fb2bfc5cb0c992/13/bullseye/docker-entrypoint.sh#L9). You can either use POSTGRES_PASSWORD env or POSTGRES_PASSWORD_FILE (but not both), if you pass POSTGRES_PASSWORD, it works same way as marabunta, but if you pass POSTGRES_PASSWORD_FILE, it reads value from specified file path.

So maybe it would be good to add third option --db-password-file and MARABUNTA_DB_PASSWORD_FILE env?