By default, the Two Factor Authentication app encrypts the TOTP shared secret key in the database using a default AES 256 128 bit encryption key. The default encryption key can be changed by the local administrator by placing a file in the home directory of the host application (Bitbucket Server) and naming it /wittified.2fa-encryption. The file should contain the new encryption key (without any extra content). Once this is done, the app automatically starts to use the new encryption key. The key should be expressed in hexadecimal format and be of an appropriate length (16, 24, or 32 pre-hex length). For example ways of generating new keys, see below.


Generate a new key

To generate a new key, you can execute the following command on Linux:

...
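
One way to generate a key in the format described above and check the file before the app reads it. This is an added example, not the vendor's command: the function names are hypothetical, the caller supplies the file path, and treating a trailing newline as "extra content" is a conservative assumption.

```shell
#!/bin/sh
# Added example: helper functions for the key file format described on this page.
# Names are hypothetical; the caller passes the key file path.

# gen_key_hex BYTES: print BYTES random bytes as hex, with no trailing newline.
gen_key_hex() {
    case "$1" in
        16|24|32) ;;
        *) echo "key length must be 16, 24 or 32" >&2; return 1 ;;
    esac
    # od reads exactly $1 bytes from the kernel CSPRNG; tr strips spaces and newlines.
    od -An -N "$1" -tx1 /dev/urandom | tr -d ' \n'
}

# check_key_file PATH: succeed only if the file is pure hex of a valid length.
check_key_file() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    # Assumption: any byte outside 0-9a-fA-F, including a newline, is extra content.
    extra=$(LC_ALL=C tr -d '0-9a-fA-F' < "$1" | wc -c | tr -d ' ')
    [ "$extra" -eq 0 ] || { echo "non-hex content in $1" >&2; return 1; }
    hexlen=$(wc -c < "$1" | tr -d ' ')
    case "$hexlen" in
        32|48|64) return 0 ;;   # 16, 24 or 32 bytes before hex encoding
        *) echo "unexpected hex length $hexlen" >&2; return 1 ;;
    esac
}

# write_key_file PATH BYTES: create the file readable only by its owner, then verify it.
write_key_file() {
    key=$(gen_key_hex "$2") || return 1
    ( umask 077 && printf '%s' "$key" > "$1" ) || return 1
    check_key_file "$1"
}
```

Run `write_key_file` as the account that runs the host application so the resulting file is owned by it, and keep a protected copy of the key, since stored TOTP secrets encrypted under it depend on it.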