mysql - Best practice for storing secret in app.yaml -

i'm deploying node.js app on gae connects cloud sql.

following docs, i'm told store user/password database inside app.yaml:

env_variables:   mysql_user: your_user   mysql_password: your_password   mysql_database: your_database   # e.g. my-awesome-project:us-central1:my-cloud-sql-instance   instance_connection_name: your_instance_connection_name 

is place store password?

yes. same. there not difference in storing credentials in environment variables or file. storing them in file, found more convenient (through totally subjective). in terms of security concerns, can play file permissions. can create user run app, , grant read access user.