@Kuldeep H Agree that secrets should be secured at rest using encryption.
In this case, OAuth client secrets must be secured either by encryption or hashing. I guess both OTK and Portal do support this.
OAuth client keys: do we really need to secure them?
OAuth tokens (ID tokens, refresh tokens, access tokens, etc.) should be considered for extra protection conditionally. For example, securing them at rest can be ignored if they are short-lived in nature. Otherwise, we might need to consider securing them at rest as well. This can be voted on to see it in the product. How many of us are interested in this?!