Jenkins ver. 2.176.3 & Jenkins ver. 2.222.1
Searched high-and-low for this, but couldn't find anything.
How to reproduce:
1. Create a freestyle project.
2. Set the project to check out from a bogus github repo that you can never reach.
3. Add a credentials binding for the job (in my case, Separated Username and Password).
4. Add a simple post-build step via the PostBuildScript Plugin to use the credentials defined in #3 (such as echo-ing the credentials).
5. Execute the job.
6. Set the project to check out from a legitimate github repo that you can access.
7. Re-execute the job.
5. Post-build step can't use the credentials as they're empty.
7. Post-build step can use the credentials as they're not empty.
Post-build step should still have access to the credentials, even if the scm step fails.