Keep Key in a secure location with restricted file permissions for root and Apache (web server)
2. Backup your keys in some remote secure location. Lost keys will cause loss of all data
3. There is no key expiration management.
4. Search or look up by encrypted user data will not work (search by address, phone number, etc. will not work)
5. Once data is encrypted there is NO undo and extension cannot be disabled.
These need to be accounted for in key management procedures