Hi,

We're provisioning jenkins (a lot of) with preconfigured 'homes' including config.xml, a set of plugins, and some other xml configured things.
We also provide the 'crendentials.xml' file, which when installed contain a set of clear passwords.

we do not provide the 'secrets' folder ; we let each jenkins does its job at initial startup.

Then, we rely on jenkins and this plugin' mechanism to do the encryption.

Matter is : encryption do not happen unless a new credential is manually added, or an existing one is edited (change the comment for instance) or deleted.

Would there be a way to force-trigger an initial encryption ? (maybe a flag somewhere telling explicitely : needs encryption at restart, or a REST entrypoint asking to re-encrypt )

It's funny really because apparently JENKINS-27706 shows the opposite problem : double encrypted passwords

thanks for reading !