Introducing the Secret Guard Plugin
Hardcoded secrets still show up in Jenkins for very ordinary reasons.
A token is pasted into a job field during a quick test. A webhook URL with a secret query parameter stays in config.xml. An inline Pipeline header works once and is never revisited. These cases are easy to introduce and easy to overlook.
Once a secret is stored in job configuration...
