Instead of having passwords stored plain text in /etc/wpa_supplicant.conf would it be possible to use a password command there, along the lines of password="/usr/bin/pass name at email" psk="/usr/bin/pass other at email" The init scheme then takes care of operating wpa_supplicant as my user, rather than root.