Here is an example of how to write the sh parameter in Jenkinsfile with no output in a more secure way, as suggested in official documentation. The set +x does the main magic as has been written in this answer.
The single-quotes will cause the secret to be expanded by the shell as an environment variable. The double-quotes are potentially less secure as the secret is interpolated by Groovy, and so typical operating system process listings (as well as Blue Ocean, and the pipeline steps tree in the classic UI) will accidentally disclose it:
Insecure, wrong usage:
node { withCredentials([string(credentialsId: 'mytoken', variable: 'TOKEN')]) { sh /* WRONG! */ """ set +x curl -H 'Token: $TOKEN' https://some.api/""" }}Correct usage ✅:
node { withCredentials([string(credentialsId: 'mytoken', variable: 'TOKEN')]) { sh ''' set +x curl -H 'Token: $TOKEN' https://some.api/''' }}