BATch file could query DB to get the password ... but anyone else could do that too.
Pass a time-limited token to the BATch file, which enables it to query the DB to get the password, but if used "at the wrong time" won't get you a valid password
There are probably far more secure methods, but I'm not crypto-skilled!
I don't see how having the password saved in a database table would make the process more secure.
Instead of putting the command inside a batch file, put the command in the sql agent job step, so the whole command will be inside a database table (msdb.dbo.sysjobsteps for the record). Only sysadmins and member of builtin msdb roles can query that table.
Kristen, root is not blank. Somehow copy/paste didn't work when I posted.
Spaghettidba, it is a method what are you suggesting but also the password will be seen in the step. I'm trying to present to my superior a solution based on keeping the password somewhere else (such as SQL table) and not in sight (psychological impact ).
From my point of view, I would rather spend time developing a SSIS package instead of one job with multiple steps but that's another story.
The MarkDown formatting here, which takes hints FROM the text, is a nightmare for this type of thing, silently helping itself to some characters assuming they are formatting instructions
Don't create a batch file at all - create a stored procedure that reads from a table all of the necessary parameters and build the command. Then execute the command using xp_cmdshell.
for /f %%a in ('SQLCMD -E -S server -Q "set nocount on; select * from table" ') do set output=%%a
echo %output%
set root=D:
CD /D %root%
7z.exe a -t7z -p%output% FileName.7z FileName.sql