Please find below my findings with solution [without using Mask Passwords plugin]:

Brief Description about my jenkins job: I wrote a job which downloads the artifacts from Nexus based on the parameters given at run-time and then makes a Database SQL connection and deploy the SQL scripts using maven flyway plugin. My job takes - Environment, Database Schema, Artifact version number, Flyway command, Database User and it's password as input parameters.

Brief Background about problem: While passing the PASSWORD as MAVEN GOAL (Parameter), it was coming in Jenkins Console as a plain text. Although I was using "Password Parameter" to pass the password at run-time but then also it was coming as plain text in console.

I tried to use the "secret text" to encrypt the password but then my job started failing because the encrypted password was getting passed to Maven Goals, which was not able to connect to DB.

Solution:

I used "Inject passwords to the build as environment variables" from Build Environment and defined its value as my "password parameter" (my password parameter name was db_password) which I am passing as parameter at run-time (eg.: I defined my inject password value as : ${db_password} ).

And this is working as expected. The password which I am passing while running my job is coming as [*******]

[console log: Executing Maven: -B -f /work/jenkins_data/workspace/S2/database-deployment-via-flyway-EDOS/pom.xml clean compile -Ddb=UAT_cms_core -DdatabaseSchema=cms-core -Dmode=info -DdeploymentVersion=1.2.9 -Ddb_user=DB_USER -Ddb_password=[*******] ]

The Mask Passwords plugin does just that.