Originally reported as part of JENKINS-12423, I am reopening this as a separate defect at the author's request. My original defect report from that issue is as follows:

With Jenkins 1.450, Perforce plugin 1.3.7, EnvInject 1.17, and Mask Passwords 2.7.2, the Perforce passwords are being displayed in plain text on the "Injected Environment Variables" page. I have tried setting the passwords to be masked in the global Jenkins config as well as in the individual jobs, but nothing I have tried is masking the passwords.

In the case of the Perforce passwords, the issue was happening before I installed the Mask Passwords plugin (I only installed that in an attempt to hide the passwords). It seems that perhaps the Perforce plugin (and plugins for other source control systems?) are exposing the passwords in a way that the EnvInject plugin doesn't know to look for. I'm not sure where the best place to fix this is, or what the optimal fix should be, as I am not familiar with the Jenkins codebase or the code for any of the relevant plugins. However, the quicker a solution can be implemented, the happier I will be . Thanks!

After updating to EnvInject 1.20, the Perforce password is still being exposed (P4PASSWD variable) on the "Injected Environment Variables" page available on the left menu on each build. I suspect that this may require changes to both the EnvInject plugin and the Perforce plugin.