I'm following guideline how to sign Android apk with Jenkins. I have parametrized Jenkins job with KSTOREPWD and KEYPWD. A part of Jenkins' job configuration (Build->Execute shell) is to take those parameters and store them as environment variables:

export KSTOREPWD=${KSTOREPWD}
export KEYPWD=${KEYPWD}
...
./gradlew assembleRelease

The problem is when the build is over anybody can access the build "Console Output" and see what passwords were entered; part of that output:

08:06:57 + export KSTOREPWD=secretStorePwd
08:06:57 + KSTOREPWD=secretStorePwd
08:06:57 + export KEYPWD=secretPwd
08:06:57 + KEYPWD=secretPwd

So I'd like to suppress echo before output from export commands and re-enable echo after export commands.

By default, Jenkins launches Execute Shell script with set -x. This causes all commands to be echoed

You can type set +x before any command to temporary override that behavior. Of course you will need set -x to start showing them again.

You can override this behaviour for the whole script by putting the following at the top of the build step:
#!/bin/bash +x

In your specific situation (using gradle and jenkins) you could also use a Password Parameter, using Gradle's pattern for environment variables (ORG_GRADLE_PROJECT_prop). Gradle will then set a propproperty on your project.

In your case this would look something like this

And you can use it in your gradle.properties like this

signingConfigs {
    release {
        storeFile file(KEYSTORE)
        storePassword KSTOREPWD
        keyAlias ALIAS
        keyPassword KEYPWD
    }
}

BTW - I recommend using the credentials binding plugin for KEYSTORE