It does exist and can be done. The capabilities are already built into the OS (ie: *nix). I presume both endpoints have bash. You’ll need to first set up ssh keys between the endpoints for password-less logins. Then strip the KOPIA_PASSWORD from the docker compose file.
Tip: Prefixing a single ‘ ’ (nbsp/space) before a shell command will keep it from appearing in the bash history provided HISTCONTROL=ignoreboth is in $HOME/.bashrc.
Then you can remote exec something like ssh docker-user@remote-endpoint ' KOPIA_PASSWORD=myPassword; docker up --whatever-is-the-rest-of-the-command-string-here'. Again, note the single space before KOPIA_PASSWORD.
Note I do not use docker but this about executing a command on a remote machine. In this case would be whatever is your docker up string or equivalent.
Combine with Kopia’s actions to do this automatically/on-demand, per snapshot job… or a cronjob.
If you want to add an additional layer of security but with the requirement of manual intervention before sending the password, try adapting the following script by adding the remote ssh exec command to the end of:
This way the password never leaves your possession.
(posted for future discoverability)