View the original community article here
Last tested: Oct 1, 2019
When moving a previously self-hosted instance to a MySQL backend, users are instructed to create a looker-db.yml file that contains the MySQL database credentials: https://docs.looker.com/setup-and-management/on-prem-mgmt/migrating-to-mysql#create_a_database_credentials_file
Those who do not want the clear text password for this configuration in a file on disk may optionally set environment variables for "LOOKER_DB" to accomplish the same thing.
You can set the environment variable "LOOKER_DB" to contain a list of key/values for each line in the looker-db.yml file.
We'd also recommend that they limit use of the MySQL user account created to the IP address used by your Looker server
It is important to also consider that, given Looker's encryption scheme, all sensitive data in the database is encrypted at rest. If someone were to steal the database credentials, and access the database, the most sensitive of data, such as passwords, analytics db credentials, query cache etc, are all stored encrypted or hashed.