JENKINS-66118

HTTP Request Plugin may fail with remote credentials providers


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Minor
    • http-request-plugin
    • None

      The HTTP request plugin appears not to snapshot credentials before use. This means that credential lookups for the HTTP request plugin may fail in the following conditions:

      • Jenkins is run in distributed mode (builds on different nodes from the controller)
      • A remote credential provider is used to provide credentials to an HTTP request
      • The remote provider uses live lookups of secret values, rather than caching secret values by default. (Note: live lookups are recommended practice to avoid unnecessarily storing the secret in memory.)

      If correct, the immediate fix would be to have the plugin snapshot credentials before use.

      There is also a wider view to take here. Consumer plugins don't generally know that they should snapshot credentials before use to make distributed setups work, because there's nothing in the credentials API that suggests you need to do this. So it shouldn't really be the responsibility of individual consumer plugins to take snapshots. Perhaps there needs to be some intermediate credentials API proxy class that transparently snapshots credentials upon access, which is loaded when Jenkins runs in distributed mode.

            janario Janario Oliveira
            chriskilding Chris Kilding
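The failure mode and the snapshot fix described in the report, as an added example that is not code from the issue or from the plugin. It is a simplified model in plain Java: `LiveSecret`, `SnapshotSecret` and `sendToAgent` are hypothetical stand-ins, and the sketch assumes the live-lookup credential depends on a secret-store client that exists only on the controller. In the Jenkins credentials plugin the corresponding call is `CredentialsProvider.snapshot(...)`.

```java
import java.io.*;
import java.util.function.Supplier;

// Simplified model (hypothetical classes, not the Jenkins credentials API).
public class SnapshotDemo {
    interface Secret extends Serializable { String value(); }

    // Live lookup: the value is fetched from the remote store on every call.
    // Assumption: the store client exists only on the controller, so it is transient.
    static final class LiveSecret implements Secret {
        private final transient Supplier<String> store;
        LiveSecret(Supplier<String> store) { this.store = store; }
        public String value() {
            if (store == null) throw new IllegalStateException("no secret store on this node");
            return store.get();
        }
    }

    // Snapshot: the value is resolved once, on the controller, and carried as plain data.
    static final class SnapshotSecret implements Secret {
        private final String resolved;
        SnapshotSecret(Secret live) { this.resolved = live.value(); }
        public String value() { return resolved; }
    }

    // Stand-in for the controller-to-agent hop: serialize, then deserialize.
    static Secret sendToAgent(Secret s) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(s); }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return (Secret) in.readObject();
        }
    }

    // What a consumer plugin does on the agent; reports the outcome without printing the secret.
    static String useOnAgent(Secret s) {
        try { return "ok: secret of " + s.value().length() + " chars available"; }
        catch (IllegalStateException e) { return "failed: " + e.getMessage(); }
    }

    public static void main(String[] args) throws Exception {
        Secret live = new LiveSecret(() -> "constructed-sample-token"); // constructed sample value
        System.out.println(useOnAgent(sendToAgent(live)));                     // live lookup breaks after the hop
        System.out.println(useOnAgent(sendToAgent(new SnapshotSecret(live)))); // snapshot taken before the hop
    }
}
```

The snapshot carries the resolved value inside the serialized object, which is the in-memory copy that live lookups are meant to avoid, so it is best taken as late as possible and only for the credential the request actually needs.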