The FileVault option in macOS is a fantastic way to enhance the security of your data at rest. It’s full-disk encryption (FDE), meaning that your entire startup volume is locked away with strong encryption when macOS is shut down (not just sleeping). Without the password that unlocks an account on your Mac that’s authorized to log in with FileVault, there’s no effective way to bring that computer to life.

That’s a problem, however, if you forget the password to all the authorized accounts or, in some cases I’ve received a few emails about, something goes wrong and the Recovery Disk, used both for “cold start” logins to macOS and to diagnose problems on your startup volume, demands a login that doesn’t work. In those cases, the recovery key set at the time you turned on FileVault on your Mac can do the trick. But if enough time has passed, you might have forgotten where you stashed the key or how to retrieve it.

Macworld reader Elaina falls into that camp. She can’t find the key, and she remembers using the iCloud option to store it, but has examined iCloud Drive and can’t find it. She hasn’t yet been in a situation where she needs it, but she’s concerned that you could wind up locked out and not be able to obtain the recovery key. This is a problem with security options on systems reliable enough that you don’t have to work with them regularly to refresh your memory. (And it’s why Apple shifted iOS two years ago to require that you enter your passphrase every six days, even if you have Touch ID enabled.)

You can opt to store your recovery key as part of your iCloud account for password resets. If you choose iCloud, the recovery key isn’t stored loosely in iCloud Drive or as a file, but it’s tied into behind-the-scenes account information that Apple maintains. It’s fully encrypted in such a way that even Apple doesn’t have access to the unencrypted recovery key data, but Apple can deliver the encrypted recovery key to your Mac if you need to reset your password. You never see the recovery key nor have to enter it in this configuration. (The process is a little involved: Apple describes it in the section “Reset using the Reset Password assistant (FileVault must be on)” in this support document.)