diff --git a/lib/doorkeeper/orm/active_record/mixins/application.rb b/lib/doorkeeper/orm/active_record/mixins/application.rb
index 6f442ee89..9ea8b129f 100644
--- a/lib/doorkeeper/orm/active_record/mixins/application.rb
+++ b/lib/doorkeeper/orm/active_record/mixins/application.rb
@@ -21,7 +21,7 @@ module Application
                class_name: Doorkeeper.config.access_token_class.to_s
 
       validates :name, :uid, presence: true
-      validates :secret, presence: true, if: ->(application) { application.confidential? }
+      validates :secret, presence: true, if: -> { secret_required? }
       validates :uid, uniqueness: { case_sensitive: true }
       validates :confidential, inclusion: { in: [true, false] }
 
@@ -120,7 +120,7 @@ def generate_uid
       end
 
       def generate_secret
-        return if !confidential? || secret.present?
+        return if secret.present? || !secret_required?
 
         renew_secret
       end
@@ -138,6 +138,11 @@ def enforce_scopes?
         Doorkeeper.config.enforce_configured_scopes?
       end
 
+      def secret_required?
+        confidential? ||
+          !self.class.columns.detect { |column| column.name == "secret" }&.null
+      end
+
       # Helper method to extract collection of serializable attribute names
       # considering serialization options (like `only`, `except` and so on).
       #