Verify if elasticsearch-keystore value changed

We are using ansible to deploy elasticsearch. This involves configuring some elasticsearch-keystore settings -

bootstrap.password
keystore.seed
s3.client.default.access_key
s3.client.default.secret_key
xpack.security.http.ssl.secure_key_passphrase
xpack.security.transport.ssl.secure_key_passphrase

The values for these are defined in ansible-vault protected configuration files.

I would like to idempotently be able to apply these values but I cannot see any way of verifying from the elasticsearch-keystore command whether the value has changed or not. Is this possible ?

Currently we just force apply the configured values everytime and restart elasticsearch. This is not ideal as the restart time is increasing as more data is logged into elasticsearch

Unfortunately there is not currently a way to verify a value existing within the keystore.