Companion and AWS S3 encryption


We are looking into uppy for uploading files to and aws s3 bucket directly and we managed to setup companion todo it. But now we want to also make sure the files that we transfer are encrypted in the bucket as well. S3 offers 2 ways of doing that. Either SSE-C with means that we need to send a bunch of headers along (including the encryption key) when we generate the presigned url. It is not clear to us where we would have to define them when using companion. We know that we could use our own getUploadParameters on the s3 plugin to ask our backend to prepare the signed url and also send back the necessary headers (which will be posted as fields) but it seems we cannot do that in combination with companion. The companion code that handles the s3 upload (which we think is here uppy/s3.js at 72bef8d9d78229cc223d2d865284f71fbd596212 · transloadit/uppy · GitHub) does not seem to allow adding more fields and hence it directly means we cannot send the encryption headers along. I guess there is not other way then to fork the companion code and allow it ourselves or are we missing something? Our main use case is also that we want to use the other provider like dropbox, google drive in combo with companion which will then upload it to s3 encrypted. We also know we can setup transparent encryption on the bucket level but would like to be in control of the encryption key. Would be nice if the above can be confirmed.