As title says, I would like to be able to use environment variables (for example ${GITHUB_OAUTH_CLIENTID}, ${GITHUB_OAUTH_CLIENTSECRET}) for configuring the GitHub OAuth application parameters. This would allow me to keep all secrets away from configuration files and instead keep them in environment variables where they can be managed more securely and effectively.

For a bit more context, I've built a custom Dockerfile on top of the official Jenkins Docker image which includes useful configuration from a set of template files and as such, this of course includes the GitHub OAuth plugin's configuration which happens to live in config.xml's <securityRealm ... /> definition. Security wise it does not make any sense at all to bake in passwords to a Docker image and as this particular plugin does not support environment variables, I had to add a hack around the /usr/local/bin/jenkins.sh which uses sed to rewrite the config file just before Jenkins is actually started.

As an additional note, enabling env variables would also bring the plugin closer to how eg. <workspaceDir ... /> and <buildsDir ... /> are configured. I also suspect there's a plethora of other plugins which would benefit from such unified behaviour but that would be a whole another effort to "encourage" all plugins to support password injection from environment variables.