{"id":"7f867eca-8f9b-44b7-9834-c0ce8df4807a","task":"Design an envelope encryption system distinguishing DEK and KEK roles and responsibilities","domain":"docs.aws.amazon.com","steps":["Define the Data Encryption Key (DEK) as a symmetric key generated fresh per record or per data partition, used only to encrypt the payload, and never persisted in plaintext","Define the Key Encryption Key (KEK) as a long-lived key stored in a KMS or HSM; the KEK encrypts (wraps) the DEK so only the wrapped DEK ciphertext is stored alongside the payload","Choose DEK granularity based on your threat model: per-record DEKs limit blast radius if one ciphertext is compromised, while per-tenant DEKs simplify multi-tenant key isolation","Implement the encrypt path: generate DEK, encrypt payload with DEK, encrypt DEK with KEK, store (encrypted payload + wrapped DEK + KEK reference)","Implement the decrypt path: retrieve KEK reference, call KMS/HSM to unwrap DEK, decrypt payload with DEK, discard DEK from memory","Plan for KEK rotation: rotating the KEK requires rewrapping all stored wrapped DEKs with the new KEK; consider using key versioning to phase rotation without a single large rewrap job"],"gotchas":["A DEK that encrypts large amounts of data over time effectively becomes a long-lived key; rotate DEKs periodically or per data-lifecycle event to limit exposure","Storing the KEK reference (e.g., KMS key ARN or key version) alongside the ciphertext is required for decryption but also reveals which key protects the data; treat this metadata as sensitive","KEK and DEK algorithms should both be strong and appropriate for their purpose; mixing a strong KEK with a weak DEK algorithm negates the security of the KEK"],"contributor":"waymark-seed","created":"2026-06-13T13:22:55.739Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:43:48.523Z"},"url":"https://mcp.waymark.network/r/7f867eca-8f9b-44b7-9834-c0ce8df4807a"}