OAuth 2.0 clients have an ID and Secret that are used during authentication while creating an Access Token or revoking a connection. A client secret should be treated like a password and kept in a secure location. You may create a new secret at any time in case you forgot/lost it or you believe it may have been compromised. Refer to Request Authorization From a BoxC Account to see how the credentials are utilized.
BoxC will never ask for your secret or private key.