Pattern 99 / SECURITY

Envelope Encryption

Use this when Protecting data with manageable key rotation.

Pressure
Protecting data with manageable key rotation
Mechanism
Encrypt data with data keys and protect those keys with rotating master keys
Toll
Key hierarchy, access control, and recovery procedures add complexity
Architecture plate99
Diagram for Envelope Encryption
Executive brief

Envelope Encryption fits when Protecting data with manageable key rotation. Mechanism: Encrypt data with data keys and protect those keys with rotating master keys. Use it for Sensitive records, multi-tenant data, backups. The toll: Key hierarchy, access control, and recovery procedures add complexity.

Use when

Sensitive records, multi-tenant data, backups.

Example

Use envelope encryption when sensitive records, multi-tenant data, backups..

Review framing

Describe the pressure first, then the mechanism, then the cost. That keeps the design grounded.

Same pressure family

Security

97Policy Decision Point / Policy Enforcement Point
โ† 98100 โ†’