We have multiple Jenkins systems running in the same AWS account. In that account we also have some common secrets that all the Jenkins systems should have access to as well as some system-specific secrets that should only be accessible on the Jenkins system they are intended for. For example:
If we have two Jenkins instances (JenkinsA and JenkinsB) running in this account we'd like to be able to apply filters so that jenkins/A/secret-A shows up on JenkinsA, jenkins/B/secret-B shows up on JenkinsB, and jenkins/common/some-common-secret shows up on both JenkinsA & JenkinsB.
As far as I can tell right now we can only apply a single tag to filter credentials. If we could apply multiple filter tags we could achieve what we're looking for.
Another option could be to only show the credentials that the IAM role in use has secretsmanager:GetSecretValue permissions for.