Question: How to provide a password to mysql_config_editor without exposing it on the command line and without having to be present to type it?
Use an expect script. For example:
#!/usr/bin/env expect spawn mysql_config_editor set --skip-warn --login-path=client --user=root --password expect "Enter password: " send "$env(my_password)\r" expect eof
The password can be stored in whatever location is considered secure enough for the operation that is accessible by the script.