diff --git a/CHANGELOG.md b/CHANGELOG.md
index e56d7f0..785e029 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,8 @@
+## 0.1.4
+
+### Bug fixes
+* Fixes issue with password not appearing when reading role
+
 ## 0.1.3
 
 ### Enhancements
diff --git a/internal/provider/client_schema.go b/internal/provider/client_schema.go
index 43de9b2..73017e4 100644
--- a/internal/provider/client_schema.go
+++ b/internal/provider/client_schema.go
@@ -163,6 +163,10 @@ type RoleOutput struct {
 	Role Role `json:"role"`
 }
 
+type RolePasswordOutput struct {
+	Password string `json:"password"`
+}
+
 type RoleCreateInputRole struct {
 	Name string `json:"name"`
 }
diff --git a/internal/provider/resource_role.go b/internal/provider/resource_role.go
index bc04641..649eff0 100644
--- a/internal/provider/resource_role.go
+++ b/internal/provider/resource_role.go
@@ -65,9 +65,6 @@ func (r *RoleResource) Schema(ctx context.Context, req resource.SchemaRequest, r
 				MarkdownDescription: "Password of the role.",
 				Computed:            true,
 				Sensitive:           true,
-				PlanModifiers: []planmodifier.String{
-					stringplanmodifier.UseStateForUnknown(),
-				},
 			},
 			"branch_id": schema.StringAttribute{
 				MarkdownDescription: "Branch the role belongs to.",
@@ -170,19 +167,29 @@ func (r *RoleResource) Read(ctx context.Context, req resource.ReadRequest, resp
 	}
 
 	var role RoleOutput
+	var rolePassword RolePasswordOutput
 
-	err = get(r.client, fmt.Sprintf("/projects/%s/branches/%s/roles/%s", data.ProjectId.ValueString(), data.BranchId.ValueString(), data.Name.ValueString()), &role)
+	roleUrl := fmt.Sprintf("/projects/%s/branches/%s/roles/%s", data.ProjectId.ValueString(), data.BranchId.ValueString(), data.Name.ValueString())
+
+	err = get(r.client, roleUrl, &role)
 
 	if err != nil {
 		resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to read role, got error: %s", err))
 		return
 	}
 
+	err = get(r.client, fmt.Sprintf("%s/reveal_password", roleUrl), &rolePassword)
+
+	if err != nil {
+		resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to read role password, got error: %s", err))
+		return
+	}
+
 	tflog.Trace(ctx, "read a role")
 
 	data.Id = types.StringValue(role.Role.Name)
 	data.Name = types.StringValue(role.Role.Name)
-	data.Password = types.StringValue(role.Role.Password)
+	data.Password = types.StringValue(rolePassword.Password)
 	data.BranchId = types.StringValue(role.Role.BranchId)
 	data.ProjectId = types.StringValue(branch.Branch.ProjectId)
 
diff --git a/internal/provider/resource_role_test.go b/internal/provider/resource_role_test.go
index cd94cb5..e596806 100644
--- a/internal/provider/resource_role_test.go
+++ b/internal/provider/resource_role_test.go
@@ -39,7 +39,7 @@ func TestAccRoleResourceDefault(t *testing.T) {
 				Config: testAccRoleResourceConfigDefault("sally"),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttr("neon_role.test", "name", "sally"),
-					resource.TestCheckResourceAttr("neon_role.test", "password", ""),
+					resource.TestMatchResourceAttr("neon_role.test", "password", existRegex()),
 					resource.TestCheckResourceAttr("neon_role.test", "branch_id", "br-patient-mode-718259"),
 					resource.TestCheckResourceAttr("neon_role.test", "project_id", "polished-snowflake-328957"),
 				),