If you really want to separate the data provider and data consumer, perhaps using asymmetric keys is the better solution? That way, those that enter/update data encrypt using the PubKey while whoever is authorized to read has access to the PrivKey. The key management work is non-trivial plus you can expect a performance hit (potentially big hit) but it'll get you what you want.