How is encrypting the secret key going to work, if the key to decrypt needs to be on the server in case the user logs in? You're not adding anything here, since a knowledgeable administrator or attacker is going to know how to decrypt the data, obtain the key, and produce a TOTP token.
With passwords, at least the administrator only has a hash, and can't log in with information he's privy to. TOTP should only be used as a second factor.
Your model assumes that the owner of the site is also trustworthy, meaning it definitely isn't secure.
The secret key protects some information, and has no value itself. If, like you say, the administrator or owner is corrupt, why does he need keys, tokens and all that stuff? He could just get the whole database?