Currently changing pico_service's password after the cluster has booted will break the cluster. Currently you would need to change the password via clusterwide ACL, which will break creation of any new connections between any 2 live instances of cluster. But granted the password has arrived via already established connections by raft log and then by tarantool replication to replicas (also by already established connections), the instances will need to be restarted manually with the updated password file.
test: test using --service-password-file
test: extract log_crawler to conftest.py
refactor: remove the last usage of tarantool::net_box
feat: specify password for pico_service via option at startup