The keys generally aren't kept anywhere. In fact, the encryption keys for a company valve's size should be split among multiple key company officials. The idea being, you should be able to steal the box that contains the credit card data and/or the machine that does the actual encryption and not have access to the keys (which, technically, aren't stored anywhere).
