For using AWS S3 SSE-C, we need to provide our own encryption key. But after reading too much, I decided to create AWS KMS Customer Managed Key and create Data Encryption Key for a folder. And save the Encryption Wrapped DEK in Database for further encryption / decryption. So I would like to know if this is a good approach.
For some reasons, I need to separate the keys for each folder.