The key that’s distributed to all relevant TEEs is the bootstrap key created with localRandom rather than the sealing key, but I think both work about as well
This localRandom is the key shared by all contracts. At bootstrap time it’s stored in volatile memory yes, but the point is that as a result of register/onboarding, each Kettle can use it’s sealing key to decrypt xPriv even if it restarts