Goal here would be the ability to create a job with a root trigger token - but to tell jenkins that the value/content of that token is to be retrieved from a Credential. 

This could be any secret text/password type credential available in the system.

This would allow for direct coordination of job triggering/access with external secret handling/rotation/etc. mechanisms like Vault.