Currently the blueocean-jwt plugin provides an endpoint allowing to retrieve a JWK based on its keyID: https://github.com/jenkinsci/blueocean-plugin/tree/master/blueocean-jwt#json-web-key-jwk-api

However, most tool (and in our case: HashiCorp Vault) expect a public endpoint that follows the format of the RFC 7517 spec, with a top-level "keys" field: https://tools.ietf.org/html/rfc7517#page-10

We propose to add a new /jwt-auth/jwks endpoint that would provide exactly that.