Strategy for handling mandatory, write-only attributes?

The API with which I’m working features an element which is write-only, and which is required to be populated on Create().

I’d initially planned to set Unknown: true when gathering state on Read(), and let the UseStateForUnknownModifier{} attribute plan modifier handle it.

But now I’m not sure I can do that because:

  1. Use of attribute plan modifiers requires me to set Computed: true on the attribute. (I think?)
  2. The attribute already has Required: true because it’s a mandatory API input, and I may need to remind the user of that.
  3. Computed and Required are mutually exclusive.

Is my understanding of the problem correct?

So, what’s the best way to handle this situation?

Options which have occurred to me, based on my current understanding of the framework and my problem:

  1. Skip Required: true, handle that need with a separate attribute validator.
  2. Because I know the API will never give this value back, skip the UseStateForUnknownModifier{}, and explicitly copy the old state directly into the newly-fetched state during Read()

Edit: I don’t think an attribute plan modifier can do what I need. The plan (which indicates the already-submitted write-only value) is correct.

What I need is a Read()-time state modifier, so that Read() returns the un-readable-but-known-to-the-statefile value which cannot be fetched from the API.