diff --git a/doc/configuration.md b/doc/configuration.md
index 6bbf9a1..32b6cca 100644
--- a/doc/configuration.md
+++ b/doc/configuration.md
@@ -91,6 +91,7 @@ Other available options:
   - `Issuer`: OIDC issuer URL. String. Example value: `"https://idm.example.com/oauth2/openid/drasl"`.
   - `ClientID`: OIDC client ID. String. Example value: `"drasl"`.
   - `ClientSecret`: OIDC client secret. String. Example value: `"yfUfeFuUI6YiTU23ngJtq8ioYq75FxQid8ls3RdNf0qWSiBO"`.
+  - `ClientSecretFile`: Path to a file containing an OIDC client secret. Environment variables in the path will be expanded. Surrounding whitespace in the file will be trimmed. Do not set both `ClientSecret` and `ClientSecretFile`. String. Example value: `"/path/to/oidc-client-secret.txt"`.
   - `PKCE`: Whether to use [PKCE](https://datatracker.ietf.org/doc/html/rfc7636). Recommended, but must be supported by the OIDC provider. Boolean. Default value: `true`.
   - `RequireInvite`: Whether registration via this OIDC provider requires an invite. If enabled, users will only be able to create a new account via this OIDC provider if they use an invite link generated by an admin (see `DefaultAdmins`). Boolean. Default value: `false`.
   - `AllowChoosingPlayerName`: Whether to allow choosing a player name other than the OIDC user's `preferredUsername` during registration. Boolean. Default value: `true`.