The mapping of AWS Secret to Jenkins Credential is strictly 1:1 at the moment. The secretString or secretBinary field is used verbatim as the credential's data: we do not attempt to parse JSON inside the secretString. Credential metadata, if any, maps to the relevant metadata fields on the secret (description and tags).

Consider whether we can support multiple credentials per secret, and maybe even user-defined JSON schemas for those secrets to allow credential metadata to be set in custom formats.