@ncw, I got it using AxCrypt.
I already used AxCrypt to encrypt my files. So one of the first things I do after logging in is typing my AxCrypt password.
I made a simple batch file with just the configuration password line (crypto.bat):
SET RCLONE_CONFIG_PASS = xxxxxxxxxxxxxxxxxxxx
I encrypted this file with AxCrypt (crypto.bat -> crypto-bat.axx)
So I made another batch file (that calls Rclone) that decrypts the file crypto.bat, calls it and encrypts it again:
"%ProgramFiles%\Axantum\AxCrypt\AxCrypt.exe" -d crypto-bat.axx
"%ProgramFiles%\Axantum\AxCrypt\AxCrypt.exe" -z crypto.bat
As the axcrypt password has already been typed (shortly after logon) it is not requested again, it is already cached.
However this only works with a logged in user, it does not work for servers.