
I have a web application. My web app needs access to certain other applications such as MySQL.

In order for my web-app to access MySQL, I need to provide it a username / password. What are best practices to store this username / password on the server in a secure way (not in plain-text that anyone could stumble upon)?

For clarification, I do NOT need to store my web-app's users information. I need to store a user/pass for my web-app to use MySQL.

This seems like a basic question that would have been answered already; however, after searching around, the only related answers I can find are as follows:

1 Answer


Turtles All the Way Down is a good talk that covers this subject.

In short, there aren't any great solutions, because if you store the password to the database somewhere, you have to authenticate to that somehow, which leaves you back where you started. However, there are some options that reduce your risk.

The most common solutions are to store the password in an untracked file or environment variables on the server. This prevents a leak of your source code from exposing the password, but someone who gains access to your server will still be able to see it. You can also use systems that encrypt passwords into a file that is then stored in version control, which gives you all the benefits of a VCS, but this falls to similar issues.

Personally, I'm fond of secrets management systems like HashiCorp's Vault or Square's Keywhiz. These are systems that (usually) live external to your server and provide an API for getting and setting secret values. While they require authentication, this authentication can be temporary session values, similar to session cookies for websites, which will prevent an undetected attacker from gaining long-term access to your secrets, as the session they've stolen will expire (at some configurable time). These systems generally include audit logs as well, so once you detect a breach, you can track down where it came from.

The solution that makes the most sense for your particular situation depends a lot on your needs. Vault and friends are excellent, but introduce a lot of additional operational complexity, possibly more than the entire rest of your application. You will need to evaluate the tradeoffs for yourself to see what would be a good fit.

Xiong Chiamiov
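The first option in the answer above (an untracked file or environment variables, so that a source-code leak does not expose the database password) is shown here as an added example; it is not code from the question, the answer, or any of the projects mentioned. The environment variable names DB_USER / DB_PASSWORD, the KEY=VALUE file format, and the 0600 permission check are this example's own assumptions; the permission check relies on POSIX file modes. The example also creates the secrets file with restrictive permissions from the start, and keeps the password out of reprs so it does not end up in tracebacks or logs.

```python
import os
import stat
import tempfile
from dataclasses import dataclass
from pathlib import Path


class CredentialError(Exception):
    """Raised when credentials are missing or stored insecurely."""


@dataclass(frozen=True, repr=False)
class DbCredentials:
    user: str
    password: str

    def __repr__(self) -> str:
        # Never echo the secret into logs, tracebacks or debuggers.
        return f"DbCredentials(user={self.user!r}, password='***')"


def load_from_env(env=None, user_var="DB_USER", password_var="DB_PASSWORD"):
    """Read credentials from environment variables (assumed names). Returns None if unset."""
    env = os.environ if env is None else env
    user, password = env.get(user_var), env.get(password_var)
    if not user or not password:
        return None
    return DbCredentials(user, password)


def load_from_file(path):
    """Read KEY=VALUE lines (assumed format) from a file that must be private to the owner."""
    p = Path(path)
    st = p.stat()                      # FileNotFoundError if it is not there
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise CredentialError(f"{p}: mode {mode:04o} is group/world accessible; expected 0600")
    if st.st_uid != os.getuid():
        raise CredentialError(f"{p}: owned by uid {st.st_uid}, not the running user")
    data = {}
    for lineno, raw in enumerate(p.read_text().splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise CredentialError(f"{p}:{lineno}: expected KEY=VALUE")
        key, value = line.split("=", 1)  # split once: passwords may contain '='
        data[key.strip()] = value.strip()
    try:
        return DbCredentials(data["DB_USER"], data["DB_PASSWORD"])
    except KeyError as e:
        raise CredentialError(f"{p}: missing {e.args[0]}") from None


def load_credentials(env=None, file_path=None):
    """Environment first, then the secrets file; fail loudly rather than fall back to a default."""
    creds = load_from_env(env)
    if creds is not None:
        return creds
    if file_path is not None:
        return load_from_file(file_path)
    raise CredentialError("no database credentials configured")


def write_secrets_file(path, user, password):
    """Create the file with mode 0600 atomically; O_EXCL refuses to overwrite an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write("# keep this file out of version control\n")
        f.write(f"DB_USER={user}\nDB_PASSWORD={password}\n")


def selfcheck():
    """Exercise the loaders on constructed inputs; returns a dict of observations."""
    results = {}
    results["env_user"] = load_from_env({"DB_USER": "webapp", "DB_PASSWORD": "s3cret=1"}).user
    results["env_missing"] = load_from_env({}) is None
    results["repr_hides_secret"] = "s3cret" not in repr(load_from_env({"DB_USER": "a", "DB_PASSWORD": "s3cret"}))
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "db.secret")
        write_secrets_file(path, "webapp", "s3cret=1")
        results["file_password"] = load_from_file(path).password
        os.chmod(path, 0o644)              # simulate a careless chmod
        try:
            load_from_file(path)
            results["world_readable_rejected"] = False
        except CredentialError:
            results["world_readable_rejected"] = True
    return results


if __name__ == "__main__":
    print(selfcheck())
```

The loader refuses a file that is readable by group or others instead of silently using it, which turns the "someone who gains access to the server" risk from the answer into a check that at least catches the most common misconfiguration (a file left at 0644). It does nothing about an attacker running as the web app's own user; that is the limit the answer describes.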