Jenkins Octopus Deploy Plugin stores credentials unencrypted in its global configuration file hudson.plugins.octopusdeploy.OctopusDeployPlugin.xml
on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system.