It is possible to accidentally leak secrets, such as credentials, when using groovy strings (i.e. double quotes ").
In a groovy string, any secrets in the string will be interpolated by groovy before being processed for further use. This can allow other processes to accidentally expose the secret. For example:
Any secrets should be used in single quotes so that they are expanded by the shell as an environment variable instead:
This behavior is already discouraged against in the credentials-binding docs as well as various places, but it would be Ideal to have some mechanism that warns against this usage.