If checked, the a MaskPasswordsConsoleLogFilter will be injected into EVERY Build, regardless of the Project's settings. This is generally bad practice, but if your foremost concern is having secrets hidden, it may be worth trying. Note that this should be tested with your jobs before being relied on; it's possible that custom Job types will not honor this. Workflow jobs in Jenkins versions before 1.632 will not honor this (see JENKINS-30777).