In essence, everything that an application can access can be achieved by someone who enters the system / gains control of the application. Even if you use obfuscation (for example, base64 or more advanced) or real encryption where keys are available (even if they can also be confused).
Thus, essentially, there is no good enough way to do what you are trying to do and even worse: it simply cannot exist.
So what are you doing instead?
1. Restrict rights
MySQL_Login=root is a big problem ... an application compromise will immediately compromise the database (and its data).
So, limit the rights to what is absolutely necessary for the application.
It really needs to be done and quite easy to achieve.
2. Separate user and administrator access
If some things are necessary only after interacting with the user, you can use the secrets provided by the user (for example, a user password can give a hash, and this can be processed and get a key that is not always present in the application or configuration files).
You can use this for example. to separate permissions at two levels: the regular user level, which has only minimal rights to make the application work for the average user (but, for example, does not have application control rights that allow you to control the application itself), and use the saved secrets so that the user leaves The key is outside the application until the administrator has included the administrator in the application.
This is rarely done honestly, and all is easy.
But even with all that you essentially need to consider access to, for example, the database will be compromised if the application is compromised.
That is why data, such as the application user password, should not (should not) be stored in the database without proper precautions.