Writing to a S3 Bucket with Server-side encryption enabled

[alborz-plerionaut]

To upload objects to an S3 bucket that utilizes AWS Key Management Service (SSE-KMS) for server-side encryption, we need to include the HTTP header {"s3:x-amz-server-side-encryption": "aws:kms"} in the request. Is there a method available to achieve this?

[rtyler]

I was looking briefly at the object_store documentation, and I'm not sure there's a good way to specify the server side encryption. I thought that S3 buckets with encryption set by default wouldn't require this.

Are you wanting to specify a custom KMS key? If we can find a way to get what you need from object_store then it's a relatively straightforward exercise of constructing the ObjectStore instance and passing it into the deltalake code

[mightyshazam]

One way to do it is to use a lambda that updates the metadata of the file after writing it.