Key stores, passwords, shared secrets, and properties files must be stored in a directory that can only be accessed by authorized users.