PSA:Never automate security tools through an arbitrary interface. Like STDIN user prompts. Use long form command line arguments, not short arguments (also I wonder if that's why long form arguments exist, 'standardized' key=value where short arguments may change over time, long form tend to stay the same forever)
Oh yeah and testing.... please test things... like a lot...
As a stop gap if you don't want people to use
cmd --username "iamsam" --password "mypass"
From the command line, 'because they might be dumb and it will get stuck in their .bash_history' perhaps a tty check? IF a tool is automating your security tool, you can now interface things reliably. IF someone is piping it, well... that's and edge case I can live with, especially if your tool isn't prone to be useful to piping.
// https://stackoverflow.com/questions/1312922/detect-if-stdin-is-a-terminal-or-pipe
#include <stdio.h>
#include <io.h>
...
if (isatty(fileno(stdin)))
printf( "stdin is a terminal\n" );
else
printf( "stdin is a file or a pipe\n");