How to hide secrets when using an ARM template

TF version: 0.12.26

I’m trying to pass secrets from Vault to a template file using the templatefile() method, as part of an ARM template deployment. The resulting template, including the secrets are visible in the terraform plan stage. Is there any way to pass secrets into a template without the secrets showing up in the plan stage?
resource “azurerm_resource_group_template_deployment” “test” {

client_id                 =["client_id"],
client_secret         =["client_secret"]


tmpl file
“parameters”: {
“clientId”: {
“defaultValue”: “${client_id}”,
“type”: “string”

    "clientSecret": {
        "defaultValue": "${client_secret}",
        "type": "string"