Platform administrators have access to several “danger zone” actions for third-party applications. These are called “danger zone” actions because they result in irreversible changes to an application’s registration and should be treated with caution due to their potentially widespread and destructive effects. A warning dialog will appear in advance of executing these actions. The available “danger zone” actions are rotating a client secret and deleting an application registration.
You can rotate an application's secret on the Manage application page for confidential clients (external link) only. Rotating the secret will require every user to set up the application again, since every client configured with the secret will cease to work given that the rotated secret is invalidated. Rotating secrets should only be done if the secret has become compromised or lost; keep in mind that the application will need to be reinstated after secret rotation.
When might you want to rotate a secret? Given the consequences of rotating a secret, this is something that should only happen if the secret has been compromised or has become inaccessible.