Alternatively to providing your SASL authentication password directly in plaintext, you can specify a command to be run to fetch the password at runtime. This is useful if you store your passwords in a separate (probably encrypted) file using gpg or a command line password manager such as pass or gopass. If a password-cmd is provided, the value of password will be ignored and the first line of the output of password-cmd will be used for login.
option