Encrypted data bags should use different HMAC key and include the IV in the HMAC