I am using the HTTP Request Plugin from a pipeline build. I have to provide basic Auth credentials that are entered at the time the job runs and cannot be stored as global credentials. So, I am using custom headers for this.

    def creds = "admin:admin"
    String auth = creds.bytes.encodeBase64().toString()
    def response = httpRequest httpMode: 'GET',
      url: "https://httpbin.org/get",
      customHeaders: [[name: 'Authorization', value: "Basic $auth"]]

The problem is that the plugin always prints the header values, so I see:

  [Pipeline] httpRequest
  HttpMode: GET
  URL: https://httpbin.org/get
  Authorization: Basic YWRtaW46YWRtaW4=
  Sending request to url: https://httpbin.org/get
  Response Code: HTTP/1.1 200 OK
  Success code from [100‥399]

Which makes it really easy to decode the password. Is there another way to pass the credentials (I tried putting them in the URL "http://admin:admin@httpbin.org/get" with the MaskPasswords plugin installed, but that echoed the password in plaintext).

Would it make sense magically hide or obfuscate the Authorization header if added with customHeaders?

Or, there is an option to suppress the response body in console. Could we add an option to suppress the request headers in console?