We have a global password called JENKINSPASS

We have a global env ANT_OPTS defined, which references it like -Djavax.net.ssl.keyStorePassword=${JENKINSPASS}

For no apparent reason (we didn't upgrade) an unmasked value of the password started to appear in "Enviorment Variables" view. Note JENKINSPASS itself is masked.

ANT_OPTS	-Djavax.net.ssl.keyStorePassword=N0wC0mpr0miss3dS3cr3t
JENKINSPASS	[*******]

Older builds don't contain an entry for ANT_OPTS at all.