The dump, restore, etc commands support reading the password from a file but there is no equivalent option when setting up a new server. Setting the initial password in plain text on the command line is insecure as it shows up when running ps.

This is the block of code responsible for getting the password string from the --initial-password option :

Seems like this should probably be more like this :

optional<std::string> initial_password_filename = get_optional_option(opts, "--initial-password-file");

if (initial_password_filename) {
  fp_wrapper_t password_fp(initial_password_filename->c_str(), "r");
}

if (nullptr == password_fp.get()) {
  optional<std::string> initial_password_str = get_optional_option(opts, "--initial-password");
} else {
  optional<std::string> initial_password_str = password_fp.get();
}

Though I'm not entirely sure on the syntax. fp_wrapper_t is defined in that same file and I just based this snippet roughly on how it was used.