Last tested: Feb 9, 2018
When creating the DB credentials file for a MySQL backend, you cannot reference environmental variables to substitute for the actual credentials.
You must type the credentials in the file as they are. This is because the file is not parsed by the shell, it is read directly by the Looker application.
You can lock down the path where the
-dflag points as much as you want, and it can even be on an encrypted volume as long as it is accessible to the Looker application.