Thanks for getting in touch! Currently we have no way to remove or encrypt the database credentials from the Octopus configuration file.
There are a couple of methods which may help you though.
The first is to switch to widows integrated authentication for your database connection to avoid leaving the credentials in file.
The other idea would be to lock down access to the config file so only the Octopus service account has access.
Unfortunately these are the only options available as we are currently unable to encrypt the connection string and the Octopus service needs access to the configuration file.
We do have a documentation section on Hardening Octopus which contains some helpful information for common security concerns, though it does not directly address the OctopusServer.config file.
If you have any further questions here or misinterpreted your request, please let me know.