Hi again, I've recently enabled GitHub Issues so I'm revisiting outstanding Jira tickets to decide whether to migrate them or close them.
It would be technically possible to let you specify an AWS access key in the Jenkins config, as opposed to putting it in ~/.aws/credentials.
However you mentioned dynamically switching the account that Jenkins gets secrets from within a job, potentially switching multiple times within the job.
This is not something that specifying the access key in the Jenkins config could solve, as that statically authenticates Jenkins to a single account. Just like putting the key in ~/.aws/credentials would do.
Regrettably I found the multi-accounts beta feature doesn't work because Jenkins doesn't like using an ARN as a credential ID, probably due to some characters in the ARN not being acceptable. As a result I'll need to remove it for now.
I have lately been thinking that Jenkins needs some kind of namespacing feature, at least for the credentials API, and probably for other things too, so that we can represent resources coming from different cloud accounts within Jenkins. Maybe even allow the namespace to be passed as an implicit parameter to a block of pipeline steps, so that any credentials call within the block will know that it needs to use that namespace when looking up credentials.
Such a feature would be beyond this credentials provider in scope, it would have to be added to multiple Jenkins API plugins.
If this is of interest to you then we can open a new ticket to talk about it in GitHub?