If the data contains personal data of an individual, you MUST use a 32-byte random secret key in order to comply with GDPR regulations.
certkey
is a random value that functions as pepper. All values are base64 encoded, but you could also choose base58 encoding or hexadecimal representation.