As Richard mentions there is no direct way to fully automate this, but you can automate some of it.
In Domino 9 it is possible to create secret keys via the Domino console. So you would do something like the following.
keymgmt create nek SECRETKEY
keymgmt export nek SECRETKEY FILENAME PASSWORD
keymgmt delete nek SECRETKEY
This will create a .key file of FILENAME. You can then mail this file to the end user. However the end user would need to detach the key file and manually import it into notes. They will also need to know the password to import.
[edit]
To expand on this. You could do the following.
- Create your initial secret keys on the server as per the command above.
- Create an agent which executes the export with a randomly generated password.
- Same agent mails the key file, with instructions to install.
- Same agent sends a second email with the randomly generated password.
It won't stop the end user from forwarding on the key/password to someone not authorised to use the database (which is what an IDK prevents), but you could have some level of auditing this way.