The /etc/inet/secret/ directory contains the pre-shared keys for ISAKMP SAs and IPsec SAs. The ike.preshared file contains the pre-shared keys for ISAKMP SAs, and the ipseckeys file contains the pre-shared keys for IPsec SAs, when the administrator creates these keys manually. The secret directory is protected at 0700 and its files are protected at 0600.
The ike.preshared file is created by an administrator when the ike.config file requires pre-shared keys. The file contains keying material for ISAKMP SAs, that is, for IKE authentication. Because IKE uses the pre-shared keys to authenticate the Phase 1 exchange, the ike.preshared file must be valid before the in.iked daemon starts.
The ipseckeys file contains keying material for IPsec SAs. For IPv6 hosts, the administrator manually creates and updates the keys in this file. See IPsec Tasks for examples of manually managing the file. The IKE daemon does not use this file. The keying material that IKE generates for IPsec SAs is stored in the kernel.