# ory-copilot
@chilly-king-10285 when using the OAuth client credentials grant, is it good practice to rotate the client secret? Does Ory support doing that?
A message from kapa.ai
Yes, it is generally a good practice to rotate secrets, including client secrets, to ensure maximum security. Ory supports this practice. For instance, in Ory Kratos, secrets used for encrypting, decrypting, generating and validating signatures, and other cryptographic tasks can be rotated. When rotating these secrets, you would add the new secrets to the top of the list and keep the old secrets around. This allows the system to verify and decrypt things that have been signed/encrypted with the old secret, while generating new signatures and encrypting new things using the new secret [source](https://www.ory.sh/docs/kratos/guides/secret-key-rotation). However, the specific process of rotating the client secret for an OAuth client is not detailed in the provided sources. You may need to refer to the specific Ory product documentation or API reference for the exact steps.
@chilly-king-10285 when using the client credentials grant for M2M authentication, how would you securely give the client ID and client secret to the owner of the machine user?
A message from kapa.ai
The provided sources do not specify a method for securely transmitting the client ID and client secret to the owner of the machine user in the context of the Client Credentials Grant. However, it's important to note that these credentials should be handled with the same level of security as a password. Here are some general best practices for securely transmitting sensitive information:

1. Secure Communication Channels: Always use secure and encrypted communication channels to transmit sensitive information. This could be an encrypted email, a secure file transfer protocol, or a secure instant messaging system.
2. One-Time Use: Consider making the initial secret a one-time secret that must be changed upon first use. This way, even if the initial secret is compromised, it cannot be used more than once.
3. Direct Communication: If possible, provide the credentials directly to the machine user owner, for example, in a face-to-face meeting.
4. Split Delivery: Consider delivering the client ID and client secret separately to reduce the chance of both being intercepted.

Remember, the specific method you choose will depend on your specific security requirements and the sensitivity of the data you are protecting.