When creating the secrets, should create a script that will read these interactively and securely.
Another idea would be to load the credentials from an external service following a public-key encryption scheme. This would be useful in unattended installation scenarios, where there is no user/admin installing this project manually:
echo "admin" | docker secret create jenkins-user -
echo "admin" | docker secret create jenkins-pass -
This way, there will be no trace of sensitive credentials in the terminal history.