
[v21] Billing Encryption Keys

Modified on: Mon, 25 Mar 2024 3:50 PM

The platform was upgraded to V21. Where are the Encryption Keys? Why can't we use them?


Answer

Encryption keys in Billing were used only to work with real credit cards (not with tokens, but with full credit card credentials stored directly in the BSS DB). To do this in compliance with PCI-DSS, encryption keys were used to store the credit card number (and other parameters) in the DB in encrypted form and to decrypt them later when a payment needed to be created.


Starting from V21, all Payment Plugins that worked with real credit cards were decommissioned and are no longer available, so Encryption Keys are no longer needed.
The documentation at https://docs.cloudblue.com/cbc/21.0/PCI-DSS-Compliance-Guide/Generating-Encryption-Keys.htm for V21.x is a doc bug.


Credit Card plugins are not really required when we have PHP payment plugins that support tokens. In this case the customer does not provide the credit card number to BSS; they provide it to the payment processor (Stripe, for example), and Stripe then just returns a "Token" to BSS. The token does not need to be encrypted, and therefore we're PCI-DSS compliant by default.
In short, BSS and Stripe communicate in "Token" format, which automatically makes the platform in V21 PCI-DSS compliant.