[PCI-DSS] 3.5.2 Store cryptographic keys securely in the fewest possible locations and forms.
3.5.2 Examine system configuration files to verify that keys are stored in encrypted format and that key-encrypting keys are stored separately from data-encrypting keys.