I'm using Terraform to deploy AWS lambda connectors, and I have to ignore changes related to some properties like "role_arn" and "secrets" because these values are obfuscated and stored in terraform state with ***, causing a state change every time I create a new plan, even when these values didn't change at all.

A temporary solution is to ignore these values using terraform lifecycle config https://www.terraform.io/language/meta-arguments/lifecycle#ignore_changes

But it's not the best approach, considering terraform will not detect changes related to the AWS role or secrets.

Maybe the provider can hash the value and do the comparison with that hash instead.

Thanks