Trying to play the devil’s advocate here, maybe it can make some sense if you’re rolling out multiple deployment environments and want to be able to reuse the build and can’t lookup env vars for whatever reason.

And/or if you don’t 100% control the oauth server and it has some arbitrary BS which forces rotation of the client secret that wouldn’t align with your release cycle (?)