You can find the datebase password in the config.ini.php.
Can you pls let piwik encrypt this password?
we don't encrypt because MySQL requires a plaintext password for the connection. The file is protected by .htaccess and .php extension, so it can't be displayed by direct access or local file inclusion.
To decrypt on every php request would add some performance overhead. Also, the question then becomes where to securely store the decryption key?
We could also try allowing the connection info to be set via environment variables (eg in your virtualhost.config), but the password is still physically stored somewhere.
(In ) refs #2870 - add a hook for plugins (or third party integration) to set database config before connection is made