The router currently checks the SSL password for the prefixes "env:" or "literal:" - see qd_config_ssl_profile_process_password()
Two issues with this:
1) It is not documented. It needs to be documented in the qdrouter.json file as well as in the configuration section of the user guide
2) the SASL password does not provide the same feature - should it be added there as well?