Best practices for storing secret keys

I have an asp.net app, and I want to store a machine wide encryption key that I will be using in the apps, when using DPAPI crypto system.

What are the best practices to store the key - where do I store it?

Thanks.

It very unsafe to store any key as plaintext in any non-volatile and inherently insecure medium (such as a Hard Drive). On such mediums, you should only store a signed encrypted version of a key, and write-access to the encrypted key should be secured.

The real work at hand is to model the security needs, to determine the key-management policy and implementation.