Envelop Encryption

Double Encryption Technique where, in order to read a letter inside an envelop, first you have to open the envelop and then decrypt the content of the letter using a key(data key) that is also encrypted using another key(master/root key), is referred to as envelop encryption.

encrypted_data = encrypt(data, data_key)
encrypted_data_key = encrypt(data, root_key)
decryption steps 
i) get the root key
ii) decrypt the encrypted_data_key using root_key
iii) decrypt encrypted_data using data_key

Uses

1. Store highly sensitive information in database — When storing information like credit card in a database, you can use envelope encryption to have unique data keys for each credit_card. Even if a data key is compromised, only that particular data will be compromised.
   One should store the data keys along with the data itself, so that the data_key is always present alongside the data
2. Store sensitive objects. Encrypt objects with data key and store the object with encrypted data key

Where to store the root key?

One can use the cloud providers like AWS, GCP, AZURE Key Master Services for storing the root key and generating/decrypting datakeys using remote API calls. This way you can get away with the hassle of maintaining encryption keys