The private_key schema element of the keycloak_realm_keystore_rsa resource must be sensitive #962

Open
@laszlomiklosik


The below schema definition (see https://github.com/mrparkers/terraform-provider-keycloak/blob/3f6b75b79ada48eddb41de6055f57a357d9b691c/provider/resource_keycloak_realm_keystore_rsa.go#L60 for full context) is not declaring the `private_key` schema element as sensitive, thus one can list the related secret with `terraform state show keycloak_realm_keystore_rsa.keystore_rsa`:

```go
"private_key": {
	Type:        schema.TypeString,
	Required:    true,
	Description: "Private RSA Key encoded in PEM format",
},
```

Besides allowing this information to be listed in the terraform console using `terraform state show` and being visible in the terraform plan's output, this can also force us in some situations to use the `nonsensitive` function; otherwise one can't pass this value using a data source linked to a secrets management tool (Azure KeyVault, AWS Secrets Manager or HashiCorp Vault).
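
An added audit sketch, not code from this issue or from the provider: it reads `terraform show -json` output and reports attributes that hold a PEM private key without being flagged in `sensitive_values`, which is the condition described above. The sample state is constructed, the `tls_private_key` entry is included only as a correctly flagged contrast, and the check assumes root-module resources and top-level attributes.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// resource holds the fields of a `terraform show -json` resource entry used here.
type resource struct {
	Address         string                 `json:"address"`
	Values          map[string]interface{} `json:"values"`
	SensitiveValues map[string]interface{} `json:"sensitive_values"`
}
type state struct {
	Values struct {
		RootModule struct{ Resources []resource } `json:"root_module"`
	}
}

// findUnmaskedKeys lists "address.attribute" for PEM private keys not flagged sensitive.
func findUnmaskedKeys(doc []byte) ([]string, error) {
	var s state
	if err := json.Unmarshal(doc, &s); err != nil {
		return nil, err
	}
	hits := []string{}
	for _, r := range s.Values.RootModule.Resources {
		for attr, v := range r.Values {
			pem, ok := v.(string)
			flagged, _ := r.SensitiveValues[attr].(bool) // missing entry means not sensitive
			if ok && !flagged && strings.Contains(pem, "PRIVATE KEY-----") {
				hits = append(hits, r.Address+"."+attr)
			}
		}
	}
	sort.Strings(hits) // map iteration order is random; keep output stable
	return hits, nil
}

// sampleState is constructed for this example; the key bodies are placeholders.
const sampleState = `{"values":{"root_module":{"resources":[
 {"address":"keycloak_realm_keystore_rsa.keystore_rsa","sensitive_values":{},
  "values":{"private_key":"-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----"}},
 {"address":"tls_private_key.example","sensitive_values":{"private_key_pem":true},
  "values":{"private_key_pem":"-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----"}}]}}}`

func main() {
	fmt.Println(findUnmaskedKeys([]byte(sampleState)))
}
```

The JSON form of the state carries sensitive values in plaintext either way, so the flag controls what Terraform prints, not what the state file stores.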
