There is also the concept of peppering, which is basically this idea. Instead of using a secret salt, password hashes (and passwords!) could also be encrypted with this secret, ideally randomly generated key. This would not only help with the security of password hashes but also stored passwords. The only problem with this whole idea might be the import and export of documents. Passwords would only be available if the same key is used. Another option could be to decrypt passwords and password hashes for export, but this could lead to security vulnerabilities again.
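A sketch of the pepper idea and the import/export problem raised above, added here as an example and not part of the original comment or any project's code. It applies the pepper as an HMAC key before PBKDF2 (a common variant, used here instead of encrypting the stored hash) with only the Python standard library; all function names and parameters are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed parameters for this sketch, not taken from any project.
PBKDF2_ITERATIONS = 100_000
SALT_BYTES = 16


def new_pepper() -> bytes:
    """Random 256-bit secret, stored outside the document or database."""
    return secrets.token_bytes(32)


def _derive(password: str, salt: bytes, pepper: bytes) -> bytes:
    # The pepper keys an HMAC over the password; the result feeds the slow hash.
    keyed = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, PBKDF2_ITERATIONS)


def hash_password(password: str, pepper: bytes) -> dict:
    """Return the record that would be stored (and exported) with the document."""
    salt = secrets.token_bytes(SALT_BYTES)
    return {"salt": salt.hex(), "hash": _derive(password, salt, pepper).hex()}


def verify_password(password: str, record: dict, pepper: bytes) -> bool:
    expected = bytes.fromhex(record["hash"])
    actual = _derive(password, bytes.fromhex(record["salt"]), pepper)
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def demo() -> dict:
    password = "constructed-sample-password"  # constructed sample value
    pepper_a = new_pepper()  # instance that created the record
    pepper_b = new_pepper()  # instance that imports the exported record
    record = hash_password(password, pepper_a)
    return {
        "same_key": verify_password(password, record, pepper_a),
        "wrong_password": verify_password("other", record, pepper_a),
        # The export/import problem: correct password, different pepper.
        "imported_other_key": verify_password(password, record, pepper_b),
    }


if __name__ == "__main__":
    print(demo())
```

The `imported_other_key` case shows why an exported record is only usable where the same key is available: the salt and hash travel with the record, the pepper does not.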