There is no way to interpolate passwords (this was removed and is not coming back). You need to think about secrets a little differently when you build plugins for 0.6+. Secrets are passed to the plugins as named environment variables. So you need to code your plugin to look for the named environment variable.
If you want to provide password as a secret, you would not set both the secret and the password field. You should only be setting the secret:
and then you would update your plugin to look for the PASSWORD environment variable and the yaml attribute which will also be passed as an environment variable, but prefixed with PLUGIN_. For example your plugin might do something like this:
var password = process.env.PASSWORD || process.env.PLUGIN_PASSWORD
I describe a pattern for handling this use case here:
Note that we use this pattern with the docker plugin, where we need to provide the plugin with an arbitrary dictionary of parameters for build-args, which in some cases may need to be sourced from secrets or the environment.
I was afraid this was the case. However the explanation makes perfect sense. I guess we will need to make changes to our plugins to support the pattern you describe (the “custom_params_from_env” thing).