To make it more clear to developers that the entity exposes the
application secret, define a separate entity that only should be used
when the secret is needed (probably only on creation).