To prevent unauthorized access to the database, secure the maintenance user with password encryption, and set an expiration interval for the password.
You can use alter connection or create connection to set hide_maintenance_pwd at the Replication Server for a specific database connection, or use configure replication server to set hide_maintenance_pwd for all database connections.
Use maintuser_pwd_expiration with configure replication server to set the password expiration interval for the maintenance user for all connections.
See Maintenance User Security in the Replication Server Administration Guide Volume 1.