Too Long; Didn't Read
Envelope Encryption involves encrypting your data with a Data Encryption Key, then encrypting the encrypted key with a Customer Master Key. You then store both the encrypted data and the encrypted DEK alongside each other in the database. This practice of using a wrapping key to encrypt data keys is known as envelope encryption. It's also a highly recommended pattern by PCI-DSS (Security Standard for Credit Card Processing) and results in much stronger data privacy and data protection of Personally Identifiable Information (PII)