diff --git a/src/main/java/com/monkeyk/sos/service/dto/OauthClientDetailsDto.java b/src/main/java/com/monkeyk/sos/service/dto/OauthClientDetailsDto.java
index 4a46846..9ddeb41 100644
--- a/src/main/java/com/monkeyk/sos/service/dto/OauthClientDetailsDto.java
+++ b/src/main/java/com/monkeyk/sos/service/dto/OauthClientDetailsDto.java
@@ -3,6 +3,7 @@ package com.monkeyk.sos.service.dto;
 import com.monkeyk.sos.domain.oauth.OauthClientDetails;
 import com.monkeyk.sos.domain.shared.GuidGenerator;
 import com.monkeyk.sos.infrastructure.DateUtils;
+import com.monkeyk.sos.infrastructure.PasswordHandler;
 import org.apache.commons.lang.StringUtils;
 
 import java.io.Serializable;
@@ -209,7 +210,8 @@ public class OauthClientDetailsDto implements Serializable {
     public OauthClientDetails createDomain() {
         OauthClientDetails clientDetails = new OauthClientDetails()
                 .clientId(clientId)
-                .clientSecret(clientSecret)
+                // encrypted client secret
+                .clientSecret(PasswordHandler.encode(clientSecret))
                 .resourceIds(resourceIds)
                 .authorizedGrantTypes(authorizedGrantTypes)
                 .scope(scope);
diff --git a/src/main/webapp/WEB-INF/jsp/clientdetails/client_details.jsp b/src/main/webapp/WEB-INF/jsp/clientdetails/client_details.jsp
index 8f2e653..62f24cb 100644
--- a/src/main/webapp/WEB-INF/jsp/clientdetails/client_details.jsp
+++ b/src/main/webapp/WEB-INF/jsp/clientdetails/client_details.jsp
@@ -52,7 +52,7 @@
 
                 <div class="list-group-item-text text-muted">
                     client_id: <span class="text-danger">${cli.clientId}</span>&nbsp;
-                    client_secret: <span class="text-primary">${cli.clientSecret}</span>&nbsp;
+                    client_secret: <span class="text-primary">***</span>&nbsp;
                     <br/>
                     authorized_grant_types: <span class="text-primary">${cli.authorizedGrantTypes}</span>&nbsp;
                     resource_ids: <span class="text-primary">${cli.resourceIds}</span>&nbsp;
diff --git a/src/main/webapp/WEB-INF/jsp/clientdetails/register_client.jsp b/src/main/webapp/WEB-INF/jsp/clientdetails/register_client.jsp
index 8e7375f..b8033a7 100644
--- a/src/main/webapp/WEB-INF/jsp/clientdetails/register_client.jsp
+++ b/src/main/webapp/WEB-INF/jsp/clientdetails/register_client.jsp
@@ -20,14 +20,14 @@
 <h2>注册client</h2>
 
 <div ng-app>
-<p class="help-block">
-    若对Oauth的<code>client_details</code>中的属性及作用不清楚,
-    建议你先查看项目中的<code>db_table_description.html</code>文件(位于others目录)中对表<code>oauth_client_details</code>的说明,
-    或在线访问<a href="http://andaily.com/spring-oauth-server/db_table_description.html" target="_blank">db_table_description.html</a>;
-    因为注册client实际上是向该表中按不同的条件添加数据.
-</p>
+    <p class="help-block">
+        若对Oauth的<code>client_details</code>中的属性及作用不清楚,
+        建议你先查看项目中的<code>db_table_description.html</code>文件(位于others目录)中对表<code>oauth_client_details</code>的说明,
+        或在线访问<a href="http://andaily.com/spring-oauth-server/db_table_description.html" target="_blank">db_table_description.html</a>;
+        因为注册client实际上是向该表中按不同的条件添加数据.
+    </p>
 
-<div ng-controller="RegisterClientCtrl">
+    <div ng-controller="RegisterClientCtrl">
         <form:form modelAttribute="formDto" cssClass="form-horizontal">
             <div class="form-group">
                 <label for="clientId" class="col-sm-2 control-label">client_id<em class="text-danger">*</em></label>
@@ -47,7 +47,10 @@
                     <form:input path="clientSecret" cssClass="form-control" id="clientSecret"
                                 placeholder="client_secret" required="required"/>
 
-                    <p class="help-block">client_secret必须输入,且长度至少8位; 在实际应用中的另一个名称叫appSecret,与client_secret是同一个概念.</p>
+                    <p class="help-block">client_secret必须输入,且长度至少8位; 在实际应用中的另一个名称叫appSecret,与client_secret是同一个概念.
+                        <br/>
+                        <strong class="text-danger">注意: </strong> 由于client_secret 会加密存储, 请先复制并保留client_secret值
+                    </p>
                 </div>
             </div>
             <div class="form-group">
diff --git a/src/main/webapp/WEB-INF/jsp/clientdetails/test_client.jsp b/src/main/webapp/WEB-INF/jsp/clientdetails/test_client.jsp
index f2127d2..0f92d5b 100644
--- a/src/main/webapp/WEB-INF/jsp/clientdetails/test_client.jsp
+++ b/src/main/webapp/WEB-INF/jsp/clientdetails/test_client.jsp
@@ -21,10 +21,15 @@
 
     <p>
         针对不同的<code>grant_type</code>提供不同的测试URL,
-        完整的Oauth测试请访问<a href="http://git.oschina.net/mkk/spring-oauth-client" target="_blank">spring-oauth-client</a>项目.
+        完整的OAuth测试请访问<a href="https://gitee.com/mkk/spring-oauth-client" target="_blank">spring-oauth-client</a>项目.
     </p>
 
     <div ng-controller="TestClientCtrl">
+        <div>
+            请先输入client_secret: <input type="text" value="" placeholder="client_secret" ng-model="clientSecret"
+                                      size="100" required="required"/>
+        </div>
+        <hr/>
         <c:if test="${clientDetailsDto.containsAuthorizationCode}">
             <div class="panel panel-default">
                 <div class="panel-heading">Test [authorization_code]</div>
@@ -100,7 +105,7 @@
 
                     <p>
                         <a href="${contextPath}/oauth/authorize?client_id={{clientId}}&client_secret={{clientSecret}}&response_type=token&scope={{scope}}&redirect_uri={{implicitRedirectUri}}"
-                                >/oauth/authorize?client_id={{clientId}}&client_secret={{clientSecret}}&response_type=token&scope={{scope}}&redirect_uri={{implicitRedirectUri}}</a>
+                        >/oauth/authorize?client_id={{clientId}}&client_secret={{clientSecret}}&response_type=token&scope={{scope}}&redirect_uri={{implicitRedirectUri}}</a>
                         <span class="label label-info">GET</span>
                     </p>
                 </div>
@@ -158,7 +163,7 @@
 <script>
     var TestClientCtrl = ["$scope", function ($scope) {
         $scope.clientId = "${clientDetailsDto.clientId}";
-        $scope.clientSecret = "${clientDetailsDto.clientSecret}";
+        $scope.clientSecret = "";
         $scope.scope = "${clientDetailsDto.scopeWithBlank}";
 
         <c:if test="${empty clientDetailsDto.webServerRedirectUri}" var="eptRedUri">