config: Consider not storing admin pass in plain text. #281

Open
@JoeGruffins

vspd/config.go

Line 66 in e42b1ca

AdminPass string `long:"adminpass" ini-name:"adminpass" description:"Password for accessing admin page."`

Per the SEI CERT C Coding Standard, it is best practice not to store plain text passwords in memory or on disk. This could be removed from memory, mostly, by storing the sha256 hash of the admin pass, and constant-time comparing the hashes of incoming passwords. For input on startup, the secure terminal could (optionally) be used, which works without a GUI, to input the pass at every start-up.
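
The hash-and-compare approach suggested above, as an added Go example that is not vspd's own code. `adminAuth`, `newAdminAuth` and `check` are hypothetical names, and the password is a constructed sample.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// adminAuth (hypothetical type) keeps only the SHA-256 digest of the admin
// password, so the plaintext need not live in the long-lived config struct.
type adminAuth struct {
	digest [sha256.Size]byte
}

// newAdminAuth hashes pass, then zeroes the caller's buffer. It takes []byte
// because a Go string is immutable and cannot be wiped after use.
func newAdminAuth(pass []byte) (*adminAuth, error) {
	if len(pass) == 0 {
		return nil, errors.New("admin password must not be empty")
	}
	a := &adminAuth{digest: sha256.Sum256(pass)}
	for i := range pass {
		pass[i] = 0
	}
	return a, nil
}

// check hashes the submitted password and compares the two fixed-length
// digests in constant time, so timing does not reveal how many bytes matched.
func (a *adminAuth) check(candidate []byte) bool {
	sum := sha256.Sum256(candidate)
	return subtle.ConstantTimeCompare(sum[:], a.digest[:]) == 1
}

func main() {
	// Constructed sample; in practice this would come from the config file
	// or a no-echo terminal prompt at start-up.
	pass := []byte("constructed-sample-pass")
	auth, err := newAdminAuth(pass)
	if err != nil {
		panic(err)
	}
	fmt.Println("buffer wiped:", string(pass) == string(make([]byte, len(pass))))
	fmt.Println("correct password accepted:", auth.check([]byte("constructed-sample-pass")))
	fmt.Println("wrong password accepted:", auth.check([]byte("guess")))
}
```

An unsalted SHA-256 digest is suited to this in-memory comparison; if the digest were ever written to disk, a salted, deliberately slow password hash would be the better fit.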
