S3 blobstores support S3 Encryption as per
Further when creating an S3 blobstore, NXRM will use the S3 REST API to create the actual bucket if it does not exist.
When NXRM creates or modifies the bucket, and encryption settings are configured in the blobstore config, the Bucket will not reflect the encryption settings. If you go to the S3 Bucket Properties tab -> Encryption Settings, then you will notice Encryption is not enabled.
However operations that actually store objects in the bucket will ask that the object is encrypted according to the configured blobstore settings.
API that actually enables encryption on the bucket
NXRM does not call this API, hence this seemingly explains why when viewing the bucket encryption is not enabled by default.
There are options that can be implemented in S3 that prevent deploying objects that are not encrypted:
If a create S3 blobstore operation actually creates an S3 bucket, then use the appropriate REST API to enable encryption on the bucket if possible
Define how create/update blobstore config operations and failure modes need to work, if encryption settings are modified in the NXRM config and the bucket already exists.
What happens if bucket does not have a matching encryption setting after creating /updating a blobstore inside an existing bucket (prefix for example).
Possibly if the encryption settings of a blobstore do not match those already configured on the bucket, report this?