Bash – How to safely transmit a password over SSH for a remote command to use

bash, environment-variables, password, security, ssh

On the local server, I have a program that stores the password in the predefined environment variable (SPECIAL_PASSWORD).

On the remote server I have a program that reads and uses a password from a predefined environment variable (SPECIAL_PASSWORD).

I want to execute the program on the remote server and supply the password already set in my local environment.

My attempt looks as follows:

local_command # produces the SPECIAL_PASSWORD Env Var
ssh -l remote_user remote_server <<EOSSH
export SPECIAL_PASSWORD=${SPECIAL_PASSWORD} # Transfer Env Var
remote_command # consumes SPECIAL_PASSWORD Env Var
EOSSH

It also seems to work as intended:

  1. Unix ps does not seem to reveal the password.
  2. Access to the password is only available to the current processes or their child processes.

But is it truly safe to do so … is the password readable at any point? Is there a better alternative?

I could potentially change the sshd_config (AcceptEnv) and ssh_config (SendEnv) to allow transmitting a subset of environment variables without the above trick. However, the systems are tightly controlled, and sshd_config requires admin intervention. In my case, changing the sshd_config doesn't seem to be a possibility.

UPDATE

I am using a different solution, offered by piping data into the remote ssh command to be run. Note that this syntax no longer works in combination with HERE documents.

sendEnv() {
  echo "var1=${var1}"
  echo "var2=${var2}"
  ...
}

sendEnv | ssh -l remote_user remote_server "receiving_command"

In my case, the receiving_command is a Java program that reads the environment variables from System.in.

It works like a charm.

Best Answer

It's readable by remote_user and root. No one else, unless remote_command is writing it to a globally readable file or something like that.

You can inspect the environment of a process in the /proc filesystem in /proc/$pid/environ. You either need to be the same user as the euid of $pid or you need to be root, as the permissions of that file seem to default to -r--------.

Apart from using the environment, you could also pass the password via stdin by piping into ssh. If you pipe into ssh, only root and the target program (and its children) will be able to get to it as far as I know (assuming $(cat /proc/sys/kernel/yama/ptrace_scope) == 1 ).
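
The stdin approach from the answer, sketched as an added example that is not part of the original question or answer: the secret travels as one line of data on ssh's stdin, and the remote script text contains only the command name. The function names are hypothetical, and it assumes the remote login shell is POSIX-compatible and that remote_command is a trusted command string.

```shell
# Added example (not from the original post). Hypothetical names: transport,
# send_secret, receiver_script, run_with_secret.

# Transport: real use is ssh; a caller may redefine this (e.g. sh -c "$1")
# to exercise the same script locally. remote_user/remote_server as on the page.
transport() {
  ssh -l remote_user remote_server "$1"
}

# Emit the secret as exactly one line on stdout. printf is a shell builtin,
# so the value never lands in any process's argument list. A secret with an
# embedded newline cannot be framed as one line, so it is refused.
send_secret() {
  nl='
'
  case $SPECIAL_PASSWORD in
    *"$nl"*) echo 'secret contains a newline; refusing' >&2; return 1 ;;
  esac
  printf '%s\n' "$SPECIAL_PASSWORD"
}

# Build the remote-side script. It holds only the (trusted) command string,
# never the secret, so it is safe as the ssh command argument. IFS= and
# read -r keep blanks and backslashes intact; the value is data, not shell
# source. If nothing arrives on stdin, read fails and the command is not run.
receiver_script() {
  printf 'IFS= read -r SPECIAL_PASSWORD && export SPECIAL_PASSWORD && exec %s' "$1"
}

# Pipe the secret into the transport; $1 is the remote command to exec.
run_with_secret() {
  send_secret | transport "$(receiver_script "$1")"
}

# Usage: run_with_secret remote_command
```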
