我应该在哪里保留数据库的凭据？

Is it a good idea to keep the username and password of database in a xml file and import it into security file of the spring security ? is there any better option? If I need to encrypt the password how to do it and how to find the encrypted version of password on phpMyAdmin? MySQLIs it a good idea to keep the username and pass