Improvement
Resolution: Unresolved
Minor
None
Currently all secrets are added to the System credential store. My suggestion is to allow control over this through an annotation on the Secret itself. This annotation would allow the plugin to locate the correct Folder (from the folder plugin), and use this as CredentialStore instead of the System default one. This will allow for better security, as folders can be restricted to certain users, limiting access to the credentials from all authenticated users.
If no annotation is found, default to the System credential store.
If the annotation is set and not empty, look up the credential store based on the value from the annotation.
Suggested annotation: jenkins.openshift.io/credential.store
Example Secret:
kind: Secret
apiVersion: v1
metadata:
  annotations:
    jenkins.openshift.io/secret.name: my-credential-name
    jenkins.openshift.io/credential.store: my-folder
  name: my-secret
  labels:
    credential.sync.jenkins.openshift.io: 'true'
data:
  password: <secret-pass>
  username: my-username
type: kubernetes.io/basic-auth
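As an added example (not the sync plugin's own code), a Python sketch of the lookup rule proposed above: the sync label gates the Secret, an absent or empty credential.store annotation falls back to the System store, and a non-empty value is resolved against the folders Jenkins knows about. The set of known folders, the SyncTarget type, the credential id fallback to metadata.name, and the choice to refuse the sync rather than silently fall back to System when the named folder does not exist are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional, Set

SYSTEM_STORE = "System"
STORE_ANNOTATION = "jenkins.openshift.io/credential.store"  # annotation suggested in the issue
NAME_ANNOTATION = "jenkins.openshift.io/secret.name"
SYNC_LABEL = "credential.sync.jenkins.openshift.io"


@dataclass(frozen=True)
class SyncTarget:
    store: str          # "System" or the full name of a Jenkins folder (assumed type)
    credential_id: str  # id the synced credential gets in Jenkins


def resolve_sync_target(secret: dict, known_folders: Set[str]) -> Optional[SyncTarget]:
    """Decide where a Secret's credential goes, or None if it is not opted in to sync."""
    metadata = secret.get("metadata") or {}
    labels = metadata.get("labels") or {}
    if str(labels.get(SYNC_LABEL, "")).lower() != "true":
        return None  # not labelled for sync at all
    annotations = metadata.get("annotations") or {}
    # Assumption: credential id comes from the secret.name annotation, else metadata.name.
    cred_id = (annotations.get(NAME_ANNOTATION) or metadata.get("name") or "").strip()
    if not cred_id:
        raise ValueError("Secret has neither a secret.name annotation nor metadata.name")
    raw = annotations.get(STORE_ANNOTATION)
    store = raw.strip() if isinstance(raw, str) else ""
    if not store:
        # Annotation absent, empty or whitespace only: the issue's default, the System store.
        return SyncTarget(SYSTEM_STORE, cred_id)
    if store not in known_folders:
        # Assumption of this example: an unresolvable folder is an error, not a silent
        # fallback to System, which would expose the credential to all authenticated users.
        raise LookupError(f"credential store folder {store!r} not found")
    return SyncTarget(store, cred_id)


# Constructed sample mirroring the Secret in the issue; data values are placeholders.
EXAMPLE_SECRET = {
    "kind": "Secret",
    "apiVersion": "v1",
    "metadata": {
        "name": "my-secret",
        "annotations": {NAME_ANNOTATION: "my-credential-name", STORE_ANNOTATION: "my-folder"},
        "labels": {SYNC_LABEL: "true"},
    },
    "data": {"username": "<base64>", "password": "<base64>"},
    "type": "kubernetes.io/basic-auth",
}
```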