This passphrase is used to generate a cryptographic key for the encryption.
In an development environment, a passphrase could be shared broadly because the data should have no secrecy character.
A wrapper script is a script that wraps the command with the following permissions:
- no read (can't be read)
The script can be executed but cannot be read by the user.
tabli --passphrase secret "$@"
If your environment has a credential vault functionality with SSO, you could retrieve it programmatically based on the credentials of the logged user.