SSE-C encryption support for snapshots stored on S3 bucket

[etiennegh]

Describe the bug

When defining encryption settings in the S3 AWS backupStorageLocation, it seems that the Velero VSphere Plugin is not using those to encrypt the snapshots when uploading them to the S3 target.

It's important to notice that traditional items directly backuped by Velero (applications yamls, etc.) are well encrypted into the bucket.

To Reproduce

Velero backup storage location is configured like the following:

spec:
  config:
    customerKeyEncryptionFile: /sseckey/ssec
    insecureSkipTLSVerify: "false"
    profile: default
    region: <region>
    s3ForcePathStyle: "true"
    s3Url: <s3_custom_endpoint_url>
    serverSideEncryption: AES256
  objectStorage:
    bucket: <bucket_name>
  provider: aws

Expected behavior

Snapshots would be encrypted on the S3 bucket and are only "readable" by Velero.
In our case, they can well be accessed and downloaded from S3 bucket using aws s3 CLI or our S3 custom appliance UI without having to specify any SSE-C key.

Anything else you would like to add:

Maybe this is an expected behaviour and encryption is not supported at all with velero plugin for vsphere, but it would be great to have an input on this subject as I did not find anything related in the history issues (and sorry if I missed some elements).

Thanks a lot for your help.