Node keys live encrypted in the node’s database. When a node starts up it must be unlocked by the user with a password that they’ve set and we don’t know. At that time the keys are held inside of the LND process for the duration that process is living so LND can read them. The memory itself from the underlying server is encrypted as well with keys Voltage does not have access to, so the node keys are never living outside of an encrypted space.