Stop Shipping Secrets in Jenkins: A Look at Secret Guard

If you’ve run Jenkins for long enough, you’ve probably seen this happen:

- a token hardcoded in a Jenkinsfile
- a password hidden in a job config
- an API key passed through a command line
- a webhook URL with sensitive data baked into it

None of this usually starts as a security incident. It starts as a shortcut.

That’s why I wanted to highlight jenkinsci/secret-guard-plugin, a Jenkins plugin focused on detecting hardcoded secret leakage risks in jobs and Pipeline definitions.

What Secret Guard is trying to solve

Jenkins has a long memory. Job configuration, Pipeline definitions, and build settings can all become places where secrets accidentally persist.…
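The shortcuts listed at the top of this post, shown in a Jenkinsfile next to a version that binds the same values from the Jenkins credentials store at run time. This is an added example, not code from the post or from the Secret Guard project. The credential IDs, hostnames and token strings are constructed placeholders, and it assumes the Credentials Binding plugin and curl 7.55.0 or later on the agent.

```groovy
// Added illustration: all IDs, URLs and secret-looking strings are constructed.
pipeline {
    agent any
    stages {
        stage('Before: the shortcuts') {
            steps {
                // Token hardcoded in the Jenkinsfile and passed on the command
                // line: it lives in SCM history, the job config and the build log.
                sh 'curl -H "Authorization: Bearer EXAMPLE-NOT-A-REAL-TOKEN" https://api.example.invalid/deploy'
                // Webhook URL with the secret baked into the path.
                sh 'curl -X POST -d @report.json https://hooks.example.invalid/services/EXAMPLE-NOT-A-REAL-SECRET'
            }
        }
        stage('After: bound at run time') {
            steps {
                // 'deploy-api-token' and 'report-webhook-url' are hypothetical
                // "Secret text" credentials stored in Jenkins, not in the repo.
                withCredentials([
                    string(credentialsId: 'deploy-api-token', variable: 'API_TOKEN'),
                    string(credentialsId: 'report-webhook-url', variable: 'WEBHOOK_URL')
                ]) {
                    // Single-quoted Groovy string: the shell expands the
                    // variables, so the secret is never interpolated into the
                    // script text that Jenkins stores and logs.
                    sh '''
                        set +x  # do not trace commands that expand secrets
                        # Header read from stdin (-H @-) keeps the token out of argv.
                        echo "Authorization: Bearer $API_TOKEN" |
                            curl --fail --silent -H @- https://api.example.invalid/deploy
                        # URL supplied through a config stream for the same reason.
                        echo "url = $WEBHOOK_URL" |
                            curl --fail --silent --config - -X POST -d @report.json
                    '''
                }
            }
        }
    }
}
```

withCredentials also masks the bound values if they appear in the console log, but masking is a last line of defence; the point of the second stage is that the values never appear in the Pipeline definition at all.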