diff --git a/internal/provider/stream_resource.go b/internal/provider/stream_resource.go
index a6b7fef..c7ac885 100644
--- a/internal/provider/stream_resource.go
+++ b/internal/provider/stream_resource.go
@@ -308,8 +308,10 @@ func (r *StreamResource) Schema(ctx context.Context, req resource.SchemaRequest,
 					},
 
 					"security_token": schema.StringAttribute{
+						// If unset, the server will generate one for you
 						Optional:  true,
 						Sensitive: true,
+						Computed:  true,
 						Validators: []validator.String{
 							securityTokenValidator,
 						},
diff --git a/internal/validators/stream_validators.go b/internal/validators/stream_validators.go
index 82217fc..b9682d0 100644
--- a/internal/validators/stream_validators.go
+++ b/internal/validators/stream_validators.go
@@ -185,7 +185,7 @@ var (
 	}
 
 	SecurityTokenValidator = StringRegexpValidator{
-		regexp:  regexp.MustCompile(`^.{32,64}$`),
+		regexp:  regexp.MustCompile(`^(.{32,64}|)$`),
 		message: "security token must be between 32-64 characters",
 	}