...
Of primary importance to practically all encryption algorithms is the encryption key. The key needs to be held in a location where KFS can access it but where non-administrative users have no access to it. The DemonstrationGradeEncryptionServiceImpl uses the encryption.key property in the kfs-security-default-config.properties file (database connection properties also exist in this file). The encryption.key configuration property should be overridden. Again, protecting the encryption key is crucial to the integrity of the encryption system.
...