Yes it is, by current design. The file is stored under the DSM folder.

The LOCAL_KEY_SECRET value is a salt (a unique piece of additional data provided to the key generation process) for the purpose of generating an actual master key (the installer encrypts the master key with this Local_Secret_Key). This is an extra layer of protection to help encrypt sensitive data stored in the database and configuration files. Access to the file is restricted to root only, and the main purpose of this design is to protect encrypted information inside the database or database backup in the event the database is accessed by an attacker. Without root access to the DSM server, the attacker cannot decrypt any sensitive information stored inside the database. The key that is generated from this string is used during the manager startup, so this line needs to be present on the server at all times.

Customers can also choose to protect sensitive data inside the database using AWS KMS. This is considered more secure but requires the use of AWS. There is no Local_Key_Secret when DSM is configured to use AWS KMS.

During DSM installation, this gets added into the VMOPTIONS file and remains there for normal function of the manager node.

If new manager nodes are deployed, this value has to be added manually into the VMOPTIONS file of the new manager node.

There are no plans to change this design as of now. If this line value in plain text is a concern, it is recommended to submit a support case to Trend Micro. More feedback that we receive from customers will allow us to prioritize this enhancement request in the future.

Configuration of the master key was first introduced in Deep Security Manager 11.3.

The DSM installation article talks more about configuring the Master Key as one the steps to complete the manager installation.