Hello, If wpa_supplicant is your only usecase, you may also be able to use wpa_cli. If you leave the password blank in wpa_supplicant.conf, you can then supply it later (when wpa_supplicant is already running) using wpa_cli or wpa_gui. This way you wouldn't even temporarily write the password to the disk. I haven't tried this yet, but it should be possible to combine wpa_cli with pass in a script.
Regards, Alexander
