lsds / TaLoS

Efficient TLS termination inside Intel SGX enclaves for existing applications

Private keys inside an enclave

s0ckz opened this issue

What private keys are stored inside an enclave? AFAIK the .key files are stored on disk (as shown in the README).

The private key associated with the TLS certificate is loaded from disk and stored inside the enclave as long as the application is running. The PEM_read_bio_* functions are used to load the content of a file into TaLoS. For example, Squid calls PEM_read_bio_PrivateKey(), defined in crypto/pem/pem_all.c, to read the private key from disk.
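
Added example (not part of this issue thread or of the TaLoS code base): because the key starts out as a PEM file on disk before it is loaded into the enclave, this Python script reports the PEM label of a key file, whether it is passphrase-encrypted, and whether group or other users can access it. The function names and sample inputs are constructed for illustration.

```python
import os
import re
import stat

# PEM labels for private keys; the value says whether the label alone implies encryption.
KEY_LABELS = {
    "PRIVATE KEY": False,            # PKCS#8, unencrypted
    "ENCRYPTED PRIVATE KEY": True,   # PKCS#8, passphrase-encrypted
    "RSA PRIVATE KEY": False,        # traditional formats: encrypted only
    "EC PRIVATE KEY": False,         # when a Proc-Type header follows
    "DSA PRIVATE KEY": False,
}
BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$")

# Constructed samples: the base64 bodies are placeholders, not real keys.
SAMPLE_PLAIN = "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
SAMPLE_LEGACY_ENC = (
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
    "AAAA\n-----END RSA PRIVATE KEY-----\n"
)


def classify_pem_key(text):
    """Return (label, encrypted) for the first private-key block, else None."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = BEGIN_RE.match(line)
        if not m or m.group(1) not in KEY_LABELS:
            continue
        encrypted = KEY_LABELS[m.group(1)]
        # Traditional-format encryption is signalled by "Name: value" headers
        # placed directly after the BEGIN line, ended by a blank line.
        for header in lines[i + 1:]:
            if not header.strip() or ":" not in header:
                break
            if header.startswith("Proc-Type:") and "ENCRYPTED" in header:
                encrypted = True
        return m.group(1), encrypted
    return None


def audit_key_file(path):
    """Report how a key file is protected while it sits on disk."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        label, encrypted = classify_pem_key(fh.read()) or (None, None)
    return {"label": label, "encrypted": encrypted, "mode": oct(mode),
            "group_or_other_access": bool(mode & 0o077)}
```

Calling `audit_key_file()` on the `.key` path passed to the application shows what protects the key before it reaches the enclave.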