Amazon S3 Replication now supports objects encrypted with server-side encryption with customer-provided keys (SSE-C). SSE-C is an encryption option that allows you to store your own encryption keys to satisfy compliance or security requirements, rather than having AWS store the keys on your behalf using SSE-S3 or SSE-KMS. Now you can automatically replicate your SSE-C encrypted objects to a secondary bucket for your data protection or multi-region resiliency needs. S3 Replication will automatically replicate newly uploaded SSE-C encrypted objects if they are eligible, as per your S3 Replication configurations. To replicate existing SSE-C objects, you can use S3 Batch Replication. To retrieve a replicated SSE-C encrypted object from S3, you supply the same key used to encrypt that object when it was initially uploaded to S3.