I don't think dynamic providers support secrets in that way. All the outputs will come back as unsecret regardless of the inputs. Probably worth raising an issue about this it's, yet another, something we should look at in the planned provider interface overhaul.