The secret keys used to configure an Authenticator application cannot be stored in clear in the user directory. Instead, they must be encrypted in a special way to protect the user's security and guarantee that nobody else but the legitimate user can setup an Authenticator application with that key.
Type your secret* here or generate a random one with the button on the right box, and then click Encrypt. Optionally, you can also add a label to identify the device configured with this secret.
* A valid Authenticator secret consists of 16 base32-encoded characters, those being:
If you need help setting up your Authenticator deployment, take a look at the Feide schema and the multi-factor authentication deployment guide.