Currently, values.yml does offer some properties to avoid writing the DB password in the file (jdbcSecretName and jdbcSecretPasswordKey). However, it is not the same for the username.
Could it be possible to create a new property fo make the username work the same way? Maybe by adding a jdbcSecretUsernameKey and expect the username to be also inside jdbcSecretName.
If there’s antyhing you want to store as a secret that doesn’t have an existing property, you can use sonarSecretProperties and sonarSecretKey. You can do the same for sonar.jdbc.username and sonar.jdbc.url as this other user did for ldap.* properties!