How can the user achieve this?
The admin should upload his secret key to the AWS console and let S3 decrypt the objects
The admin should use CLI or API to upload the encryption key to the S3 bucket. When making a call to the S3 API mention the encryption key URL in each request
S3 does not support client supplied encryption keys for server side encryption
The admin should send the keys and encryption algorithm with each API call
Explanations:
S3 does not support uploading a secret key directly to the AWS console for automatic decryption of objects. Instead, S3 uses managed keys or customer-managed keys for encryption.
S3 does support client-supplied encryption keys, but the encryption key should be supplied during the API call, not uploaded to the S3 bucket. Additionally, each request would require the encryption key to be provided in the headers.
S3 does support client-supplied encryption keys for server-side encryption, using the SSE-C (Server-Side Encryption with Customer-Provided Keys) feature.
To use client-supplied encryption keys, the admin must send the encryption key and the algorithm (e.g., AES-256) with each API call to S3, using the appropriate headers for the encryption process.