We have a process where we store the database password in a config file like below from where the password is picked up and used in Database Scripts
ID, Password
But we now have a Audit Requirement not to have the passwords in Config Files directly. We have a command which could fetch the password from external link
So wanted to check if we could have that executable command in the config file
Something like :
ID, `Executable Command`
So that when the above file is being used in database script it resolves the password
You can't generally put commands in config files, that's why they're config files and not full-blown scripts. You may actually have to modify your scripts.
This is often done with wrappers to make it less difficult. Instead of mydbms you run some other command which runs mydbms with the same arguments / environment plus a password. This file would be protected by access permissions to prevent it being publicly readable, so you'd have to use sudo to run it, and make sure only the relevant user can sudo for only that file, etc.
Exact details depend on what exactly you're doing.