The keystore keys are registered with the repository to ensure that they are not
accidentally changed.
During bootstrap and JMX keystore reload and re-encryption operations, the repository checks if the main keystore's keys and the metadata key have changed. If they have changed, the repository throws an exception.