Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.awsdevicefarm.AWSDeviceFarmRecorder.xml
on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system.