Are you making those RPC calls from the same machine or are they being initiated from across the network? If it's local, you might be better off
not using the user/password option and simply using the .cookie file authentication.
If it's a network request, you can use the "rpcauth" option which stores a "username:SALT$HASH" in your bitcoin.conf so that your password will still be "unknown" if the bitcoin.conf gets compromised.
Refer:
https://bitcoin.stackexchange.com/questions/46782/rpc-cookie-authenticationI will be making the calls from the same server, because I would like to make a wrapper API around the utility RPC calls and combine them with other things.
Would the cookie file be better in this case, or rpcauth? In any case I don't want to store the password in plain text.