This is currently supported only for buckets located in the US. On non-US buckets the SSE-C headers are silently ignored: the object is stored unencrypted and can be retrieved without the key.
PutObject with encryption.
PutObject with SSE-C
Don’t forget to update
--sse-customer-key here.