When using the current command line parameter
So, I suggest to add the parameter "-pw-stdin" to read the password from a PIPE.
That's already implemented in the KeePass to hide password passed in the command line.
See it at: https://keepass.info/help/base/cmdline.html
I hope you agree to implement something similar.