diff --git a/bigip/resource_bigip_ltm_profile_http.go b/bigip/resource_bigip_ltm_profile_http.go
index b8372aa9..93dda640 100644
--- a/bigip/resource_bigip_ltm_profile_http.go
+++ b/bigip/resource_bigip_ltm_profile_http.go
@@ -76,7 +76,7 @@ func resourceBigipLtmProfileHttp() *schema.Resource {
 			"encrypt_cookie_secret": {
 				Type:        schema.TypeString,
 				Optional:    true,
-				Description: "Specifies a passphrase for the cookie encryption",
+				Description: "Specifies a passphrase for the cookie encryption. Note: Since it's a sensitive entity idempotency will fail for it in the update call.",
 			},
 			"fallback_host": {
 				Type:        schema.TypeString,
diff --git a/docs/resources/bigip_ltm_profile_http.md b/docs/resources/bigip_ltm_profile_http.md
index 7fd25a4c..cf7cdbff 100644
--- a/docs/resources/bigip_ltm_profile_http.md
+++ b/docs/resources/bigip_ltm_profile_http.md
@@ -61,7 +61,7 @@ resource "bigip_ltm_profile_http" "sanjose-http" {
 
 * `encrypt_cookies` - (Optional) Type the cookie names for the system to encrypt.
 
-* `encrypt_cookie_secret` - (Optional) Type a passphrase for cookie encryption.
+* `encrypt_cookie_secret` - (Optional) Type a passphrase for cookie encryption. Note: Since it's a sensitive entity idempotency will fail for it in the update call.
 
 * `insert_xforwarded_for` - (Optional) Specifies, when enabled, that the system inserts an X-Forwarded-For header in an HTTP request with the client IP address, to use with connection pooling. The default is `Disabled`.