When the artifactory plugin uploads build info it does not check the settings of the mask password plugin. As a result any passwords included as environment variables are uploaded in plain text to artifactory and cannot be removed (to my knowledge).
The current workaround is to exclude the passwords using the exclude patterns however as the default exclusions cannot be set globally this doesn't stop further exposure.
Two requested actions:
- honour the mask passwords plugin settings
- allow default exclusions to be configured