A key used directly to encrypt data objects, often generated per file, record, session, or transaction.