logo hsb.horse
← Back to glossary index

Glossary

Envelope Encryption

Envelope encryption uses a two-layer model: data is encrypted by a DEK, and the DEK itself is encrypted by a KEK.

Published: Updated:
#security #encryption #kms #key-management

Translations

German French Japanese Korean Portuguese

This model improves key management and rotation efficiency because large payloads can remain untouched while encrypted DEKs are re-wrapped.

Practical Note

Envelope Encryption usually appears in contexts related to security, encryption, kms, key-management. In practice, it helps to know not only the definition, but also what this term is trying to name quickly in a conversation, design note, or document.

Nearby words often overlap and make the explanation fuzzy. It is easier to use the term well when the target, role, and typical situation are kept one step more concrete.

Reading Note

The easiest way to read this term is to look at three things first: what it is about, what nearby concept it should be separated from, and what kind of decision it usually supports. For Envelope Encryption, the security, encryption, kms, key-management context is already a good starting point.

It also helps not to stop at the definition alone. The more useful view is to see what the term is trying to name quickly inside a working conversation.