Currently you need to store the token / password in the config file, which makes the full file confidential.
It should be possible to allow configuring at lease the password / token via environment.

Alternatively it would be also possible to use password / token files, so you can use docker secrets so securly pass the token / password.

On kubernetes this would allow mounting secrets as files too.