Remove MYSQL Hard-Coded Credentials

Why are we hardcoding database details- 
      MYSQL_DATABASE: cbioportal
      MYSQL_USER: cbio_user
      MYSQL_PASSWORD: somepassword
      MYSQL_ROOT_PASSWORD: somepassword

Won't it be better if we use enviornment variables or .env file