diff --git a/changelogs/fragments/6931-keycloak_client-inventory-bugfix.yml b/changelogs/fragments/6931-keycloak_client-inventory-bugfix.yml
new file mode 100644
index 0000000000..ebc520d7a4
--- /dev/null
+++ b/changelogs/fragments/6931-keycloak_client-inventory-bugfix.yml
@@ -0,0 +1,2 @@
+bugfixes:
+ - keycloak_client inventory plugin - fix missing client secret (https://github.com/ansible-collections/community.general/pull/6931).
\ No newline at end of file
diff --git a/plugins/modules/keycloak_client.py b/plugins/modules/keycloak_client.py
index 6cb0a4ec98..870578138b 100644
--- a/plugins/modules/keycloak_client.py
+++ b/plugins/modules/keycloak_client.py
@@ -247,6 +247,7 @@ options:
 protocol:
 description:
 - Type of client.
+ - At creation only, default value will be V(openid-connect) if O(protocol) is omitted.
 type: str
 choices: ['openid-connect', 'saml']
@@ -721,6 +722,10 @@ from ansible.module_utils.basic import AnsibleModule
 import copy
+PROTOCOL_OPENID_CONNECT = 'openid-connect'
+PROTOCOL_SAML = 'saml'
+
+
 def normalise_cr(clientrep, remove_ids=False):
 """ Re-sorts any properties where the order so that diff's is minimised, and adds default values where appropriate so that the the change detection is more effective.
@@ -779,7 +784,7 @@ def main():
 consentText=dict(type='str'),
 id=dict(type='str'),
 name=dict(type='str'),
- protocol=dict(type='str', choices=['openid-connect', 'saml']),
+ protocol=dict(type='str', choices=[PROTOCOL_OPENID_CONNECT, PROTOCOL_SAML]),
 protocolMapper=dict(type='str'),
 config=dict(type='dict'),
 )
@@ -813,7 +818,7 @@ def main():
 authorization_services_enabled=dict(type='bool', aliases=['authorizationServicesEnabled']),
 public_client=dict(type='bool', aliases=['publicClient']),
 frontchannel_logout=dict(type='bool', aliases=['frontchannelLogout']),
- protocol=dict(type='str', choices=['openid-connect', 'saml']),
+ protocol=dict(type='str', choices=[PROTOCOL_OPENID_CONNECT, PROTOCOL_SAML]),
 attributes=dict(type='dict'),
 full_scope_allowed=dict(type='bool', aliases=['fullScopeAllowed']),
 node_re_registration_timeout=dict(type='int', aliases=['nodeReRegistrationTimeout']),
@@ -911,6 +916,8 @@ def main():
 if 'clientId' not in desired_client:
 module.fail_json(msg='client_id needs to be specified when creating a new client')
+ if 'protocol' not in desired_client:
+ desired_client['protocol'] = PROTOCOL_OPENID_CONNECT
 if module._diff:
 result['diff'] = dict(before='', after=sanitize_cr(desired_client))
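Review bot: The creation-path default in the last hunk is guarded by a key-membership test, `if 'protocol' not in desired_client:`, so it fires only when the key is absent; `if desired_client.get('protocol') is None:` would also cover a key that is present but empty. Whether that case can occur depends on how desired_client is assembled, which happens outside this hunk, so treat this as a robustness point to confirm rather than a proven bug. The changelog fragment ties the change to a missing client secret, but none of the visible hunks verifies that a client created without `protocol` ends up with one; an integration test for that creation case would pin the fix. The fragment also calls this an "inventory plugin" while the patched file is `plugins/modules/keycloak_client.py`, so its wording should say module. A one-line comment above the check, such as `# Default applies on creation only; updates keep the existing client's protocol`, would record the intent stated in the option docs; main() starts and ends outside the hunk.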