Stores master key used for internal application encryption. Internal encryption may be used when tokenization is not available to store credit card numbers (this approach is not PCI compliant). Internal encryption is also used to encrypt password and other sensitive information within the application.
The file must contain a single value (no carriage returns or unnecessary spaces) that is to be used as the key.
Normally, the key gets auto-generated by the system during the setup process. Note that for security purposes, the file doesn't actually contain the encryption key, but an altered version of it.
Altering the key or replacing it with a value that was not prepared following system's algorithm will cause malfunction of the encryption process. Using the key to decrypt values in the database will not produce any meaningful results. An attempt to extract the key through a direct decryption of the value in the file is not likely to produce any meaningful results either.
In order to make these settings accessible to the application, the file must be placed into $app-home/resources directory on the server.
Warning: loss/damage of the key will result in a complete loss of all encrypted data. Always keep a backup copy of the key.