--- a/main.c
+++ b/main.c
@@ -77,6 +77,7 @@ enum {
 	OPT_CAFILE,
 	OPT_COOKIEONLY,
 	OPT_COOKIE_ON_STDIN,
+	OPT_COOKIE_FILE,
 	OPT_CSD_USER,
 	OPT_CSD_WRAPPER,
 	OPT_DISABLE_IPV6,
@@ -91,6 +92,7 @@ enum {
 	OPT_NO_PROXY,
 	OPT_PIDFILE,
 	OPT_PASSWORD_ON_STDIN,
+	OPT_PASSWORD_FILE,
 	OPT_PRINTCOOKIE,
 	OPT_RECONNECT_TIMEOUT,
 	OPT_SERVERCERT,
@@ -139,7 +141,9 @@ static struct option long_options[] = {
 	OPTION("queue-len", 1, 'Q'),
 	OPTION("xmlconfig", 1, 'x'),
 	OPTION("cookie-on-stdin", 0, OPT_COOKIE_ON_STDIN),
+	OPTION("cookie-file", 1, OPT_COOKIE_FILE),
 	OPTION("passwd-on-stdin", 0, OPT_PASSWORD_ON_STDIN),
+	OPTION("passwd-file", 1, OPT_PASSWORD_FILE),
 	OPTION("no-passwd", 0, OPT_NO_PASSWD),
 	OPTION("reconnect-timeout", 1, OPT_RECONNECT_TIMEOUT),
 	OPTION("dtls-ciphers", 1, OPT_DTLS_CIPHERS),
@@ -177,6 +181,7 @@ static void usage(void)
 	printf("  -K, --key-type=TYPE             %s\n", _("Private key type (PKCS#12 / TPM / PEM)"));
 	printf("  -C, --cookie=COOKIE             %s\n", _("Use WebVPN cookie COOKIE"));
 	printf("      --cookie-on-stdin           %s\n", _("Read cookie from standard input"));
+	printf("      --cookie-file=FILE          %s\n", _("Read cookie from a file"));
 	printf("  -d, --deflate                   %s\n", _("Enable compression (default)"));
 	printf("  -D, --no-deflate                %s\n", _("Disable compression"));
 	printf("      --force-dpd=INTERVAL        %s\n", _("Set minimum Dead Peer Detection interval"));
@@ -217,6 +222,7 @@ static void usage(void)
 	printf("      --no-cert-check             %s\n", _("Do not require server SSL cert to be valid"));
 	printf("      --non-inter                 %s\n", _("Do not expect user input; exit if it is required"));
 	printf("      --passwd-on-stdin           %s\n", _("Read password from standard input"));
+	printf("      --passwd-file=FILE          %s\n", _("Read password from a file"));
 	printf("      --reconnect-timeout         %s\n", _("Connection retry timeout in seconds"));
 	printf("      --servercert=FINGERPRINT    %s\n", _("Server's certificate SHA1 fingerprint"));
 	printf("      --useragent=STRING          %s\n", _("HTTP header User-Agent: field"));
@@ -226,15 +232,28 @@ static void usage(void)
 	exit(1);
 }
 
-static void read_stdin(char **string)
+static void read_file(const char *file, char **string)
 {
 	char *c = malloc(100);
+	FILE *f;
+
+	if (file) {
+		f = fopen(file, "r");
+		if (!f) {
+			fprintf(stderr, _("Failed to open password file\n"));
+			exit(1);
+		}
+	} else {
+		file = "stdin";
+		f = stdin;
+	}
+
 	if (!c) {
-		fprintf(stderr, _("Allocation failure for string from stdin\n"));
+		fprintf(stderr, _("Allocation failure for string from %s\n"), file);
 		exit(1);
 	}
-	if (!fgets(c, 100, stdin)) {
-		perror(_("fgets (stdin)"));
+	if (!fgets(c, 100, f)) {
+		perror(_("fgets"));
 		exit(1);
 	}
 
@@ -332,14 +351,20 @@ int main(int argc, char **argv)
 			cookieonly = 2;
 			break;
 		case OPT_COOKIE_ON_STDIN:
-			read_stdin(&vpninfo->cookie);
+			optarg = NULL;
+			/* fall through */
+		case OPT_COOKIE_FILE:
+			read_file(optarg, &vpninfo->cookie);
 			/* If the cookie is empty, ignore it */
 			if (! *vpninfo->cookie) {
 				vpninfo->cookie = NULL;
 			}
 			break;
 		case OPT_PASSWORD_ON_STDIN:
-			read_stdin(&vpninfo->password);
+			optarg = NULL;
+			/* fall through */
+		case OPT_PASSWORD_FILE:
+			read_file(optarg, &vpninfo->password);
 			break;
 		case OPT_NO_PASSWD:
 			vpninfo->nopasswd = 1;