...
By default, the Two Factor Authentication app encrypts the TOTP shared secret key in the database using a default AES 256 128 bit encryption key. The default encryption key can be changed but the local administrator by placing a file in the home directory of the host application(Bitbucket Server) and naming it /wittified.2fa-encryption. The file should be contain the new encryption key (without any extra content). Once this is done, the app automatically starts to use the new encryption key.
...