Company
Date Published
Author
-
Word count
1337
Language
English
Hacker News points
1

Summary

The text discusses the challenges and benefits of upgrading 3 million variables in a system from Key Management Service (KMS) encryption to envelope encryption, which allows for more efficient and secure data management. The existing KMS usage was causing problems because of KMS limitations such as quota limits and slow decryption times, especially with large batches of variables. Envelope encryption solves these issues by generating a single data key per environment, reducing the need for network requests and minimizing the risk of brute-force attacks. The upgrade involved converting existing variables to the new system and storing encrypted data keys alongside the ciphertext, which allows legacy and envelope encryption to be supported simultaneously. With this change, the system has seen improved performance, security, and flexibility, with a significant reduction in KMS usage and no service disruptions.