
Upload to S3 Bucket does not use Default CMK for SSE-KMS #17725

@cabutlermit

Describe the bug
We have an S3 bucket with a default encryption enabled using a Customer Managed Key (CMK) for SSE-KMS. When we upload files using aws s3 cp <filename> s3://<bucket_name>/<filename> the object is properly encrypted with the CMK. When we upload the same file using CyberDuck, the object is encrypted with the default AWS S3 encryption key, not our CMK that we have configured on the bucket.

There seems to be no way in the CyberDuck UI or in a .cyberduckprofile to force the CyberDuck upload to use the CMK assigned to the bucket.

To Reproduce

  1. Create an S3 bucket and enable SSE-KMS encryption with a Customer Managed Key (CMK).
  2. Enable the "Bucket key" setting (or don't, because it doesn't seem to make a difference) to point to the CMK
  3. Connect CyberDuck to the S3 bucket
  4. Upload a file using CyberDuck
  5. Check the encryption settings on the object (either in CyberDuck or in the AWS Console or using the AWSCLI) and note that the encryption key is the AWS-managed S3 encryption key, not the CMK assigned to the bucket.

Expected behavior
The object would be encrypted by the CMK, not the AWS default key.

Desktop (please complete the following information):

  • OS: macOS, 15.7.1
  • CyberDuck Version: 9.3.1 (beta)

Log Files

Additional context
Note that this is related to (but different from) an existing issue/bug: #11583
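An added example (not part of the issue, and not Cyberduck or AWS code): a Python check for step 5 that compares each object's encryption with the bucket's default SSE-KMS key. The inputs are shaped like boto3 `get_bucket_encryption` and `head_object` responses; the account ID, key IDs and object names are constructed sample values, and the bucket default is assumed to be stored as a key ID or key ARN rather than an alias.

```python
# Constructed sample data (not taken from the issue).
CMK_ARN = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
OTHER_ARN = "arn:aws:kms:us-east-1:111122223333:key/0000aaaa-00aa-00aa-00aa-000000000000"
SAMPLE_BUCKET_ENCRYPTION = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms",
                                            "KMSMasterKeyID": CMK_ARN},
     "BucketKeyEnabled": True}]}}
SAMPLE_HEADS = {
    "cli-upload.txt": {"ServerSideEncryption": "aws:kms", "SSEKMSKeyId": CMK_ARN},
    "gui-upload.txt": {"ServerSideEncryption": "aws:kms", "SSEKMSKeyId": OTHER_ARN},
    "plain.txt": {"ServerSideEncryption": "AES256"},
}
KMS_ALGOS = ("aws:kms", "aws:kms:dsse")


def default_kms_key(bucket_encryption):
    """Return the default KMS key from a get_bucket_encryption response, or None."""
    rules = bucket_encryption["ServerSideEncryptionConfiguration"]["Rules"]
    for rule in rules:
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        if default.get("SSEAlgorithm") in KMS_ALGOS:
            return default.get("KMSMasterKeyID")
    return None


def same_key(expected, actual_arn):
    """Compare the configured key (bare key ID or key ARN) with the object's key ARN."""
    if not expected or not actual_arn:
        return False
    if expected.startswith("arn:"):
        return expected == actual_arn
    return actual_arn.endswith(":key/" + expected)


def audit(bucket_encryption, heads):
    """heads maps object key -> head_object response; returns {object key: finding}."""
    expected = default_kms_key(bucket_encryption)
    findings = {}
    for key, head in heads.items():
        algo = head.get("ServerSideEncryption")
        if algo not in KMS_ALGOS:
            findings[key] = f"not SSE-KMS ({algo})"
        elif not same_key(expected, head.get("SSEKMSKeyId")):
            findings[key] = f"SSE-KMS with other key {head.get('SSEKMSKeyId')}"
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_BUCKET_ENCRYPTION, SAMPLE_HEADS).items():
        print(f"{name}: {finding}")
```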

Labels: s3 (AWS S3 Protocol Implementation)
