Secure data handling and storage
US-10516530-B2 · Dec 24, 2019 · US
US11502833B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11502833-B2 |
| Application number | US-201916726118-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 23, 2019 |
| Priority date | Jan 29, 2016 |
| Publication date | Nov 15, 2022 |
| Grant date | Nov 15, 2022 |
Official abstract text for this publication.
Apparatuses, methods, systems, and program products are disclosed for secure data handling and storage. An apparatus includes a lock module that receives a request to decrypt encrypted data that is stored in a data repository, the encrypted data encrypted using a first encryption key, and unlocks an encryption engine in response to the request. An encryption engine may be unlocked using a master key that is generated based on combination of a plurality of keys held by a plurality of key holders. An apparatus includes a decryption module that decrypts encrypted data using an encryption engine. Encrypted data may be decrypted using a first encryption key. An apparatus includes an encryption module that re-encrypts decrypted data using an encryption engine. Decrypted data may be re-encrypted with a second encryption key that is different than a first encryption key and stored in a data repository.
Opening claim text (preview).
What is claimed is:

1. An apparatus comprising: a lock module that: receives a request to decrypt encrypted data that is stored in a data repository, the encrypted data encrypted using a first encryption key; and unlocks an encryption engine in response to the request, the encryption engine unlocked using a master key that is generated based on combination of a plurality of keys held by a plurality of key holders; a decryption module that decrypts the encrypted data using the encryption engine, the encrypted data decrypted using the first encryption key; and an encryption module that re-encrypts the decrypted data using the encryption engine, the decrypted data re-encrypted with a second encryption key that is different than the first encryption key, the re-encrypted data stored in the data repository, wherein the lock module: detects a change in a configuration of the encryption engine; and locks the encryption engine in response to the detected configuration change.

2. The apparatus of claim 1, further comprising a data module that receives the encrypted data from the data repository on a continuous basis, in response to the encryption engine being unlocked, without a delay between different sets of encrypted data.

3. The apparatus of claim 2, wherein the data module receives the encrypted data as a continuous stream of data transmitted from the data repository.

4. The apparatus of claim 3, wherein the data module further encrypts the encrypted data using a cryptographic protocol while the encrypted data is in transit to the encryption engine.

5. The apparatus of claim 1, wherein the encrypted data that is stored in the data repository comprises a plurality of records, each record storing information associated with one or more users.

6. The apparatus of claim 5, wherein the encrypted data comprises sensitive data for each of the one or more users, the sensitive data comprising electronic user credentials for logging the one or more users into one or more user accounts at a financial institution.

7. The apparatus of claim 1, wherein the decryption module checks a key version identifier that is stored as metadata with the encrypted data to determine the first encryption key that was used to encrypt the encrypted data.

8. The apparatus of claim 7, wherein the decryption module cross references the key version identifier with a list of previously used encryption keys to locate the encryption key that matches the key version identifier.

9. The apparatus of claim 1, wherein the second encryption key that is used to re-encrypt the decrypted data comprises a newly generated encryption key that has never been used.

10. The apparatus of claim 1, further comprising a key module that generates, on a consistent frequency, new encryption keys for re-encrypting the encrypted data in the data repository, wherein the key module expires encryption keys that are no longer in use such that the expired encryption keys cannot be used again.

11. The apparatus of claim 1, wherein the lock module requests the keys from the plurality of key holders for generating the master key using an electronic request, the electronic request selected from group consisting of a text message, a push notification, an email, and a chat message.

12. The apparatus of claim 11, wherein the detected configuration changes comprise one or more of a change in network ports and a change in available backends used by the encryption engine.

13. A system comprising: a data repository storing encrypted data; an encryption engine; and an apparatus comprising: a lock module that: receives a request to decrypt encrypted data that is stored in the data repository, the encrypted data encrypted using a first encryption key; and unlocks the encryption engine in response to the request, the encryption engine unlocked using a master key that is generated based on combination of a plurality of keys held by a plurality of key holders; a decryption module that decrypts the encrypted data using the encryption engine, the encrypted data decrypted using the first encryption key; and an encryption module that re-encrypts the decrypted data using the encryption engine, the decrypted data re-encrypted with a second encryption key that is different than the first encryption key, the re-encrypted data stored in the data repository, wherein the lock module: detects a change in a configuration of the encryption engine; and locks the encryption engine in response to the detected configuration change.

14. The system of claim 13, further comprising a member server that is configured to facilitate communications between the data repository and the encryption engine.

15. The system of claim 14, wherein the member server comprises one or more tokens for identifying itself, the encryption engine being unlocked in response to determining that the member server is authorized to access the encryption engine based on the one or more tokens.

16. The system of claim 14, further comprising a data module that encrypts the data using a cryptographic protocol while the data is in transit between the encryption engine, the data repository, and the member server.

17. The system of claim 16, wherein the data repository comprises a database, the member server iterating over each row of the database and sending each row over a secure connection using the cryptographic protocol to the encryption engine as a continuous stream of data to be re-encrypted.

18. The system of claim 13, wherein the detected configuration changes comprise one or more of a change in network ports and a change in available backends used by the encryption engine.

19. The system of claim 13, wherein the lock module is further configured to use at least a subset of the plurality of keys received from a plurality of key holders to generate the master key, wherein a number of the subset is user configurable.

20. An apparatus comprising: means for receiving a request to decrypt encrypted data that is stored in a data repository, the encrypted data encrypted using a first encryption key; and means for unlocking an encryption engine in response to the request, the encryption engine unlocked using a master key that is generated based on combination of a plurality of keys held by a plurality of key holders; means for decrypting the encrypted data using the encryption engine, the encrypted data decrypted using the first encryption key; and means for re-encrypting the decrypted data using the encryption engine, the decrypted data re-encrypted with a second encryption key that is different than the first encryption key, the re-encrypted data stored in the data repository; means for detecting a change in a configuration of the encryption engine; and means for locking the encryption engine in response to the detected configuration change.
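Claims 7 to 10 describe choosing the decryption key from a key version identifier stored with the data, re-encrypting under a newly generated key, and expiring keys that are no longer in use. The following Python illustration of that rotation is added here and is not taken from the patent: `KeyRing`, `rekey` and the record layout are hypothetical names, and the HMAC-SHA256 keystream cipher is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD such as AES-GCM.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _subkeys(key):
    # Separate encryption and MAC keys derived from one versioned key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

class KeyRing:
    """Hypothetical store of versioned keys: version id -> key bytes."""
    def __init__(self):
        self.keys, self.current = {}, 0
        self.rotate()

    def rotate(self):
        """Generate a never-used key and make it the current version."""
        self.current += 1
        self.keys[self.current] = secrets.token_bytes(32)
        return self.current

    def encrypt(self, plaintext):
        enc, mac = _subkeys(self.keys[self.current])
        nonce = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(plaintext, _stream(enc, nonce, len(plaintext))))
        ver = self.current.to_bytes(4, "big")
        # The tag covers the version id, so the metadata cannot be altered unnoticed.
        tag = hmac.new(mac, ver + nonce + ct, hashlib.sha256).digest()
        return {"key_version": self.current, "nonce": nonce, "ct": ct, "tag": tag}

    def decrypt(self, rec):
        # The key version identifier stored with the record selects the key.
        enc, mac = _subkeys(self.keys[rec["key_version"]])  # KeyError once expired
        ver = rec["key_version"].to_bytes(4, "big")
        want = hmac.new(mac, ver + rec["nonce"] + rec["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(want, rec["tag"]):
            raise ValueError("authentication failed")
        return bytes(a ^ b for a, b in
                     zip(rec["ct"], _stream(enc, rec["nonce"], len(rec["ct"]))))

def rekey(ring, records):
    """Rotate, re-encrypt every record, then expire all older keys."""
    new = ring.rotate()
    out = [ring.encrypt(ring.decrypt(r)) for r in records]
    # Old keys are destroyed only after every record has been migrated.
    for v in [v for v in ring.keys if v != new]:
        del ring.keys[v]
    return out
```

If any record fails authentication during `rekey`, the exception is raised before the old keys are deleted, so unmigrated data stays readable.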
involving additional devices, e.g. trusted platform module [TPM], smartcard or USB · CPC title
Generation of secret information including derivation or calculation of cryptographic keys or passwords · CPC title
using key encryption key · CPC title
to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself · CPC title
Revocation or update of secret information, e.g. encryption key update or rekeying · CPC title