We have other systems that we use that have admin passwords used via the environment in Jenkins for integration purposes. From Jenkins we use the mask password plugin to hide the password from the UI and we have been successful with that so far. With artifactory integration, the users are able to see the password(unmasked) from the Build browser under the Environment tab in artifactory as a Key-value to the buildinfo.env object.
We will like Jfog to provide a configuration in the plugin where known "Key" can be configured so that its value is shown masked (****) after the JSON is created and posted to artifactory.
For a environment variable JIRAPASSWORD, lookup the configuration first, then add masking when the buildinfo JSON is created and post it so that the key-value in artifactory build browser is shown as buildinfo.env.JIRAPASSWORD ****
*I do see that there is a way to use include/exclude patterns, but many times our developers forget to use them when they create a jenkins job, so we will like to control that from the jenkins admins perspective by including strings to be masked in the global configuration for the plugin*
Ideally it will be great if the jenkins artifactory plugin can lookup to the mask password configuration and respect its configurations and mask all the strings configured to the buildinfo.