Upgrading from 2203.1 to 5.7.2 is trying to destroy secrets

[shaneholder]

Hello,

I am in the process of upgrading my CAF ESLZ from 2203.1. I found that at 5.7.2 there is a change that is causing secrets to be destroyed or replaced. If I use 5.6.10 the plan runs with only tag changes. Hoping to get some guidance on where to look to resolve this.

 # module.solution.module.azuread_credentials["connectivity"].azuread_application_password.key1[0] must be replaced
+/- resource "azuread_application_password" "key1" {
      ~ id                    = "2d<redacted>/password/ee<redacted>" -> (known after apply)
      ~ key_id                = "ee<redacted>" -> (known after apply)
      + rotate_when_changed   = { # forces replacement
          + "rotation" = "2024-05-01T00:37:55Z"
        }
      ~ start_date            = "2024-05-01T00:37:56Z" -> (known after apply)
      ~ value                 = (sensitive value)
        # (3 unchanged attributes hidden)
    }

# module.solution.module.azuread_credentials["connectivity"].random_password.key0[0] will be destroyed
  # (because random_password.key0 is not in configuration)
  - resource "random_password" "key0" {
      - bcrypt_hash = (sensitive value) -> null
      - id          = "none" -> null
      - keepers     = {
          - "frequency" = "2024-07-04T00:38:33Z"
        } -> null
      - length      = 250 -> null
      - lower       = true -> null
      - min_lower   = 0 -> null
      - min_numeric = 0 -> null
      - min_special = 0 -> null
      - min_upper   = 0 -> null
      - number      = true -> null
      - numeric     = true -> null
      - result      = (sensitive value) -> null
      - special     = false -> null
      - upper       = true -> null
    }

Thanks for any advice.

Regards,
Shane Holder