If the plugin is installed on a Jenkins instance running in an AWS account A, it should be able to access secrets in another AWS account B (most likely using IAM cross-account roles). I.e. it should not be restricted to just accessing Secrets Manager within its own AWS account.

The AWS Java SDK most likely supports this already, in which case we need only add some instructions to the README to show how to set this up.