How can I hide the parameters gotten from AWS SSM from CloudFormation?

Hi, I’d like to hide the parameters gotten from AWS SSM as SecureString from CloudFormation when I deploy an application with Serverless Framework V4.

stages:
  default:
    params:
      param1: ${ssm:/path/to/app/param1}
provider:
  environment:
  PARAM1: ${param:param1}

For this configuration, PARAM1 can be seen in CloudFormation template like

"Variables": {
  "PARAM1": "encrypted-string"
}

In this case, what should I do? I wouldn’t like to show other people who can login to AWS console.

Is it an option for you to read the parameter directly in the code using getParameter API where it’s required?
For eg. in JavaScript/sdk v2,

async function getSSMParameter(name) {
  const response = await ssm.getParameter({
    Name: name,
    WithDecryption: true,
  }).promise();
  return response.Parameter?.Value ?? null;
}

and invoke it as,
const secret = await getSSMParameter("/path/to/app/param1");