diff --git a/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java b/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java
index 98c27b87667b1c..44cde61273fc6a 100644
--- a/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java
+++ b/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java
@@ -527,7 +527,10 @@ private String argumentsToString(List<String> rawArgs) {
         clientCfg.setServers(Collections.singletonList(args.host() + ":" + args.port()));
 
         if (!F.isEmpty(userName))
-            clientCfg.setSecurityCredentialsProvider(getSecurityCredentialsProvider(userName, password, clientCfg));
+            clientCfg.setSecurityCredentialsProvider(getSecurityCredentialsProvider(
+                    userName,
+                    F.isEmpty(password) ? new String(requestPasswordFromConsole("password: ")) : password,
+                    clientCfg));
 
         if (!F.isEmpty(args.sslKeyStorePath()) || !F.isEmpty(args.sslFactoryConfigPath())) {
             if (!F.isEmpty(args.sslKeyStorePath()) && !F.isEmpty(args.sslFactoryConfigPath()))
diff --git a/modules/control-utility/src/test/java/org/apache/ignite/internal/processors/security/GridCommandHandlerSslWithSecurityTest.java b/modules/control-utility/src/test/java/org/apache/ignite/internal/processors/security/GridCommandHandlerSslWithSecurityTest.java
index dfcaaf113b21db..0091a9c99d540b 100644
--- a/modules/control-utility/src/test/java/org/apache/ignite/internal/processors/security/GridCommandHandlerSslWithSecurityTest.java
+++ b/modules/control-utility/src/test/java/org/apache/ignite/internal/processors/security/GridCommandHandlerSslWithSecurityTest.java
@@ -195,4 +195,41 @@ public void testConnector() throws Exception {
         assertContains(log, testOutput, "--keystore-password *****");
         assertContains(log, testOutput, "--truststore-password *****");
     }
+
+    /**
+     * Verify that the command work correctly when entering password
+     * for user, and that it is requested only once.
+     *
+     * @throws Exception If failed.
+     */
+    @Test
+    public void testInputKeyUserPwdOnlyOnce() throws Exception {
+        IgniteEx crd = startGrid();
+
+        crd.cluster().state(ACTIVE);
+
+        TestCommandHandler hnd = newCommandHandler();
+
+        AtomicInteger pwdCnt = new AtomicInteger();
+
+        ((CommandHandler)GridTestUtils.getFieldValue(hnd, "hnd")).console = new NoopConsole() {
+            /** {@inheritDoc} */
+            @Override public char[] readPassword(String fmt, Object... args) {
+                pwdCnt.incrementAndGet();
+
+                return pwd.toCharArray();
+            }
+        };
+
+        int exitCode = hnd.execute(Arrays.asList(
+                "--state",
+                "--user", login,
+                "--keystore", keyStorePath("connectorClient"),
+                "--keystore-password", keyStorePassword(),
+                "--truststore", keyStorePath("trustthree"),
+                "--truststore-password", keyStorePassword()));
+
+        assertEquals(EXIT_CODE_OK, exitCode);
+        assertEquals(1, pwdCnt.get());
+    }
 }