MySQL Forums

Re: Secure Configuration for MySQL
Posted by: Georgi Kodinov
Date: September 26, 2018 10:49AM

Generally speaking, storing clear text passwords in a persistent file is not the best of ideas. I know it's the prevalent practice, but I believe it's just because of (until recently at least) the lack of better options.

Modern MySQL versions do offer some alternatives to this, but they depend on the environment available and the layout.
For a local MySQL server running on the same box as the app server is, I'd say you're better off reusing the OS authentication (e.g. using https://dev.mysql.com/doc/refman/8.0/en/socket-pluggable-authentication.html on Unix or https://dev.mysql.com/doc/refman/8.0/en/windows-pluggable-authentication.html on Windows might make a lot of sense security-wise).

Failing this (either because of a lack of driver support or OS support) you might consider at least using the right "@host" part for your accounts and limiting access through that.

You could also combine this with using things like https://dev.mysql.com/doc/refman/8.0/en/option-file-options.html#option_general_login-path so that you don't have to manage MySQL credentials in your scripts or in extra files.

Georgi "Joro" Kodinov
MySQL SrvGen team lead
Plovdiv, Bulgaria
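
The first two options from the reply above, written out as an added example that is not part of the original post: a socket-authenticated local account, a host-pinned fallback account, and a query to audit host scoping. The names `appsvc` and `appdb`, the address `10.0.5.12` and the password placeholder are assumptions made for illustration.

```sql
-- Assumed names (not from the post): OS and MySQL user appsvc, schema appdb,
-- application server address 10.0.5.12.

-- 1. App and server on the same Unix box: reuse OS authentication.
--    Load the socket plugin once (this fails harmlessly if already loaded).
INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';

--    No password is stored anywhere. The server accepts the connection only
--    over the Unix socket and only when the connecting OS user is "appsvc".
CREATE USER 'appsvc'@'localhost' IDENTIFIED WITH auth_socket;
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'appsvc'@'localhost';

-- 2. Fallback when the driver or OS cannot use socket authentication:
--    pin the account to the single host that needs it instead of '%'.
--    The password below is a placeholder, not a real value.
CREATE USER 'appsvc'@'10.0.5.12' IDENTIFIED BY '<generated-secret-placeholder>';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'appsvc'@'10.0.5.12';

-- 3. Audit: list accounts whose host part contains a wildcard or is empty,
--    together with the authentication plugin each one uses.
SELECT user, host, plugin
FROM mysql.user
WHERE LOCATE('%', host) > 0 OR host = ''
ORDER BY user, host;
```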
