How to prevent exposing truecrypt arguments?

Question

I have a script that mounts a truecrypt volume and the password is given as an argument. Any user on the system may issue the command ps -aux | grep truecrypt which will reveal the password to the encrypted volume. Moreover, by traversing the proc directory, again the password can be revealed. I have root access to my machine, but I am sure that changing the permissions of the ps command and the proc directory will brake functionality in other parts of the system. On one hand I want to mount the volumes automatically without requiring user interaction, on the other hand, compromising the password of the truecrypt volume is out of the question. I might be able to find some acceptable solution using expect but before doing so I wanted to ask if anybody has a better idea?

Answer 1

I used pexpect to solve my problem in a python script, equivalent shell scripts should look similar conceptually

Instead of

mntMyDir = '/mnt/' + myDir
os.system('truecrypt ' + mntMyDir + '.tc ' + mntMyDir + ' --password=' + myPassword + ' --keyfiles= --protect-hidden=no')
os.chdir(mntMyDir + '/tree')

I used

mntMyDir = '/mnt/' + myDir
truecryptCmd = 'truecrypt ' + mntMyDir + '.tc ' + mntMyDir + ' --keyfiles= --protect-hidden=no'
child = pexpect.spawn(truecryptCmd)
child.expect('Enter password for ' + mntMyDir + '.tc: ')
child.sendline(myPassword)
child.wait()
os.chdir(mntMyDir + '/tree')