When you change a security key, a new security key is generated by the controller firmware. The new security key is stored in the of the controllers. The new key replaces the previous key. You cannot see the security key directly. A copy of the security key must be kept on some other storage medium for backup, in case of controller failure or for transfer to another storage subsystem. A that you provide is used to encrypt and decrypt the security key for storage on other media.