So I just used Pulumi to provision a SSM SecureString parameter, with a value defined by a secret encrypted config value. I was disappointed to see that the value is visible in cleartext in the Pulumi stack. Is there any way to provision a SSM value, preserving its secrecy?