Jenkins instance is running on a linux and i use Invoke Ant build step.
The build job is parameterized and one of the parameter is password
Ant targets are written in an xml called run.xml so I pass the arg -file run.xml -Dserver.password=apr20$1 to the ant build.

The password contains $ in the middle - like apr20$1.
The $ in the password is referenced as $1 command argument and password parameter is now changed to apr20-file ( -file is my first parameter)

The password is getting logged when i turn on the -d trace in Ant.
Setting ro property server.password=apr20-file is what i see in the console

The mask property should somehow try to address masking this information being logged. I have written my own script to introduce escape sequence in the passwords.