How to not hardcode passwords?

广开言路 2020-12-30 10:00

In my last question "Portable database for storing secrets", the best answer so far says to use sqlite-crypt.

Reading sqlite-crypt docs, the new param for open

4 answers
  •  清酒与你
    2020-12-30 10:59

    Hardcoding is inevitable at some point, unless the password is only ever used interactively.

    The best thing you can do in a password-in-file situation is make it damn hard to access it in the first place, and then limit what can be done with it if someone does find it. A rule of thumb is that you shouldn't give more privileges to a password stored in a string than one that you have to type at a prompt.
