When utilizing the "Mask Passwords Plugin" https://wiki.jenkins.io/display/JENKINS/Mask+Passwords+Plugin

In a Jenkins Pipeline Job as follows:

vaultlookupsecret = 'mysupersekr3tp@sswordstuffz'

wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[var: 'vaultlookupsecret', password: vaultlookupsecret]], varMaskRegexes: []]) {

  script{
    mystuff = sh(script: "/bin/bash script.sh -p \"${vaultlookupsecret}\" > output_upload.txt", returnStatus: true).toString().trim()
  }
}

Within the "normal" jenkins job logs - this is properly masked as expected- and appears as follows:

+ /bin/bash script.sh -p ********

When viewing these same log(s) in the "BlueOcean" Pane - the top level step displays the commandline including the password in plaintext. When selecting the "dropdown" on this item within blueocean - the log display(s) the same commandline with the properly "masked" data.

Top Level/Label in Blue Ocean:

/bin/bash script.sh -p mysupersekr3tp@sswordstuffz

Drop-Down in Blue Ocean:

+ /bin/bash script.sh -p ********

I'm not sure if there is some configuration i need to make within BlueOcean, but "normal" logs are masked properly, it is only "BlueOcean" logs which seem unmasked (even though when selecting the drop-down - the log is again masked.

Version(s):

Jenkins 2.176.1

BlueOcean Plugin: 1.17.0

Mask Passwords Plugin 2.12.0

Note: I selected "componenets: core" as i "think" the BlueOcean Plugin is technically "core" now - and there isn't a component for "BlueOcean Specifically.