Is there currently any way to mask a variable value in pipeline?
credentials plugin is static, only viable option is mask password plugin
But there is catch, the variables masked by this plugin if used inside lets say a sh step is still revealed as plain text in pipeline view.

Example:
#!/usr/bin/env groovy
pipeline {
stages {
stage('1') {
steps {
script {
def a = 'hello'
def b = 'world'
wrap([$class: 'MaskPasswordsBuildWrapper',
varMaskRegexes: [
[value: "${a}", key: 'USR'],
[value: "${b}", var: 'PSW']
]
])
{
sh "./test.sh -Pusername=${a} -Ppassword=${b}"
}
}
}
}
}
}