diff --git a/README.md b/README.md
index 46d2ec4..a82906a 100644
--- a/README.md
+++ b/README.md
@@ -18,10 +18,10 @@ The first argument is the device id or device name:
 # irestore MyPad
 Selected MyPad 43686f636f6c61746552616d656b696e73546f6f
 Usage:
-    ls [domain]
-    restore domain dest
-    dumpkeys [outputfile]
-    apps
+    ls [domain] .cred(optional)
+    restore domain dest .cred(optional)
+    dumpkeys [outputfile] .cred(optional)
+    apps .cred(optional)
 ```
 
 The `ls` command will list domains or files in a domain.
@@ -32,6 +32,8 @@ The `dumpkeys` command will dump the readable portions of the keychain to json.
 
 The `apps` command will list the installed apps.
 
+The `.cred` is an optional arguement that must be positioned at the end of the arguements list with a path to a file ending with or called `.cred`, and contains a string with no newline with the password to the database
+
 _Changes to the database format in recent iOS releases:_
 
 ## iOS 10 (deprecated)
@@ -63,4 +65,4 @@ There are a few changes in iOS 10.2.  The Manifest database itself is encrypted,
 
 Further, the keybag has a second round of PBKDF2 with different parameters and a sha256 hash function. This one takes about 10 seconds in Go, so the code now prints the decrypted key in hex. If you provide this hex key instead of your password, you can skip the long key derivation step.
 
-(iOS 10.2 details came from a github thread.)
\ No newline at end of file
+(iOS 10.2 details came from a github thread.)
diff --git a/cmd/irestore/irestore.go b/cmd/irestore/irestore.go
index ba78c29..bed4ea8 100644
--- a/cmd/irestore/irestore.go
+++ b/cmd/irestore/irestore.go
@@ -238,8 +238,19 @@ func main() {
 	must(err)
 
 	var selected *backup.Backup
+	var lenArgsVirt int = len(os.Args)
+	var cred string = ""
 
-	if len(os.Args) > 1 {
+	if strings.Contains(os.Args[lenArgsVirt-1], ".cred") {
+		credBytes, err := ioutil.ReadFile(os.Args[lenArgsVirt-1])
+		if err != nil {
+			log.Fatal(err)
+		}
+		cred = strings.TrimSuffix(string(credBytes), "\n")
+		lenArgsVirt = lenArgsVirt-1
+	}
+
+	if lenArgsVirt > 1 {
 		key := os.Args[1]
 		for _, man := range mm {
 			dashed := strings.Contains(man.FileName, "-")
@@ -274,11 +285,14 @@ func main() {
 	must(err)
 
 	if db.Manifest.IsEncrypted {
-		err = db.SetPassword(getpass())
+		if cred == "" {
+			cred = getpass()
+		}
+		err = db.SetPassword(cred)
 		must(err)
 	}
 	must(db.Load())
-	if len(os.Args) < 2 {
+	if lenArgsVirt < 2 {
 		for _, domain := range db.Domains() {
 			fmt.Println(domain)
 		}
@@ -295,18 +309,18 @@ func main() {
 	}
 
 	var cmd string
-	if len(os.Args) > 2 {
+	if lenArgsVirt > 2 {
 		cmd = os.Args[2]
 	}
 	switch cmd {
 	case "ls", "list":
-		if len(os.Args) > 3 {
+		if lenArgsVirt > 3 {
 			list(db, os.Args[3])
 		} else {
 			domains(db)
 		}
 	case "restore":
-		if len(os.Args) > 4 {
+		if lenArgsVirt > 4 {
 			restore(db, os.Args[3], os.Args[4])
 		} else {
 			help()
@@ -315,7 +329,7 @@ func main() {
 		apps(db)
 	case "dumpkeys":
 		var out string
-		if len(os.Args) > 3 {
+		if lenArgsVirt > 3 {
 			out = os.Args[3]
 		}
 		dumpkeys(db, out)