Tip: you can prepend a space at the beginning of the command and it won't be saved in the history (though I agree that letting the command prompt for a password is better)

Excellent. Although that can be set to not do that. I've explicitly set it to "ignoreboth" for so long that I'd forgotten why, so it seems new to me today. :)

From man bash:

       HISTCONTROL
              A colon-separated list of values controlling  how  commands  are
              saved  on  the  history  list.   If  the list of values includes
              ignorespace, lines which begin with a space  character  are  not
              saved  in  the history list.  A value of ignoredups causes lines
              matching the previous history entry to not be saved.  A value of
              ignoreboth is shorthand for ignorespace and ignoredups.  A value
              of erasedups causes all previous lines matching the current line
              to  be  removed from the history list before that line is saved.
              Any value not in the above list is ignored.  If  HISTCONTROL  is
              unset,  or does not include a valid value, all lines read by the
              shell parser are saved on the history list, subject to the value
              of  HISTIGNORE.  The second and subsequent lines of a multi-line
              compound command are not tested, and are added  to  the  history
              regardless of the value of HISTCONTROL.

i'm not sure if it works in all shells, but at least in zsh/bash doing

   $ echo "this will not be saved in history"
 

as opposed to

   $echo "this will be saved in history"

can be useful

AFAIK, in bash/zsh you have to do

    export HISTCONTROL=ignoredups:ignorespace 

in .bashrc or .bash_profile for the above trick to work.

fish, OTOH, seems to do this by default.

That, or use read:

  read password
  > secret-password-followed-by-enter-here
  sensitive-command --password $password
  unset password

edit: formatting