SmartPill Encryption - Key Storage

I am looking at using SmartPill to encrypt some data in FileMaker fields but am wondering how others store the encryption/decryption key in a FileMaker environment?

The database file will be hosted by a third party hosting provider and I can not remove the full access account so I do not want to store the key in a data field or hard coded in a script.

I am thinking encrypting the key and storing it in each users FileMaker Applications folder. When encryption/decryption occurs the encrypted key would be loaded into FileMaker and decrypted using a key hardcoded into the script.

I am thinking that this gives me two encrypted locations so that if someone gains access to the database file and scripts they will not have access to the decryption key only the key to decrypt the key.

The local users will have access to the encrypted decryption key but should not be able to access the key hard coded in the script that decrypts the key unless they physically gain access to the database file hosted on a third party server or have a full user account.

Hope this isn't too confusing and any thoughts would be appreciated on where to store encryption keys in a FileMaker environment.

Steve