logo hsb.horse
← Back to glossary index

Glossary

Envelope Encryption

Envelope encryption uses a two-layer model: data is encrypted by a DEK, and the DEK itself is encrypted by a KEK.

Published: Updated:
#security #encryption #kms #key-management

Translations

German French Japanese Korean Portuguese

This model improves key management and rotation efficiency because large payloads can remain untouched while encrypted DEKs are re-wrapped.