diff --git a/data/default_config.cfg b/data/default_config.cfg
index 519dafb12620bcbc6d9bdc5c509513f311e54623..e85418904f763f81dea945c9c522990fb851384b 100644
--- a/data/default_config.cfg
+++ b/data/default_config.cfg
@@ -15,6 +15,11 @@ jid =
 # If you leave this empty, the password will be asked at each startup
 password =
 
+# A command that will be executed if "password" is not set, e.g. a session password
+# manager like secret-tool on gnome, or anything you want
+
+eval_password =
+
 # Path to a PEM certificate file to use for certificate authentication
 # through SASL External. If set, keyfile MUST be provided as well in
 # order to login.
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index df9700a4378f3a4b8816b1a5769a5ff35366053e..084af48200eb657dfa94214eb9ce1a6844f17b1f 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -1156,6 +1156,24 @@ found.
 
         The password needed to join the room.
 
+    eval_password
+
+        **Default value:** [empty]
+
+        A command which execution will retrieve the password from a password manager.
+
+        E.g. with secret-tool and the gnome keyring:
+
+        .. code-block:: bash
+
+            # Storing (to do beforehand)
+            secret-tool store --label="My jabber password" xmpp your@jid
+
+            # Retrieving (this should be the value of the option)
+            secret-tool lookup xmpp  your@jid
+
+        .. note:: This will only be used if the :term:`password` option is empty.
+
     private_auto_response
 
         **Default value:** ``Not in private, please.``
diff --git a/src/config.py b/src/config.py
index 6f9ef20bfdc1a79f6c53e6d165b0a0b39227c00d..e8e3269af07fe52b30cc6c047bd6d965789b0802 100644
--- a/src/config.py
+++ b/src/config.py
@@ -58,6 +58,7 @@ DEFAULT_CONFIG = {
         'enable_user_tune': True,
         'enable_vertical_tab_list': False,
         'enable_xhtml_im': True,
+        'eval_password': '',
         'exec_remote': False,
         'extract_inline_images': True,
         'filter_info_messages': '',
diff --git a/src/connection.py b/src/connection.py
index cd2cceddebb3ec87edc7caba067e2f77fa85541d..b6d445908060e3e21397e0f701dfb58990db1c91 100644
--- a/src/connection.py
+++ b/src/connection.py
@@ -14,6 +14,8 @@ log = logging.getLogger(__name__)
 
 
 import getpass
+import subprocess
+
 import slixmpp
 from slixmpp.plugins.xep_0184 import XEP_0184
 
@@ -43,8 +45,15 @@ class Connection(slixmpp.ClientXMPP):
             if resource:
                 jid = '%s/%s'% (jid, resource)
             password = config.get('password')
-            if not password and not (keyfile and certfile):
+            eval_password = config.get('eval_password')
+            if not password and not eval_password and not (keyfile and certfile):
                 password = getpass.getpass()
+            elif not password and not (keyfile and certfile):
+                print("No password or certificates provided, using the eval_password command.")
+                process = subprocess.Popen(['sh', '-c', eval_password], stdin=subprocess.PIPE,
+                                                        stdout=subprocess.PIPE, close_fds=True)
+                process.wait()
+                password = process.stdout.readline().decode('utf-8').strip('\n')
         else: # anonymous auth
             self.anon = True
             jid = config.get('server')