In APIM when subscriber create and application and generate a key in identity component it will generate an appropriate OAuth application. When an application is added it will contain the consumer key and consumer secret. These values are also shown in the store application. And those are used to generate or renew token later using store UI or token endpoint.
But these application credentials is a constant for entire life cycle of the application and it can be destroy only if application is delete. That mean there are no any way to change the consumer secret of the application.
Usage of changing a consumer secret is, some time organization need to be invalidate current token and regenerating those token for that application. A possible solution would be changing this consumer secret only. But up to APIM 2.0.0 this was not possible. But APIM latest version(2.1.0) this feature is available.
Admin users can change the consumer secret of a any OAuth application my login in to the management console of Auth components are available(APIM or IS). Once consumer secret is revoked all the associated tokens are invalidated and cache are also get cleared. Thus it prevent API invocation for that access token as well as it prevent to token re-generate for that application. Once a consumer secret is revoked OAuth application also get invalided and it is inactive. But this behavior will be affect to the API subscription and still allowed to subscribe to the API in APIM store. Also if an OAuth application is revoked it is impossible to regenerate token using store UI or token endpoint. Even though consumer secret is revoked it is not get removed from the OAuth application and store will show the same value further.