My app stores files with Firebase Storage. I want to encrypt these files conveniently on the server. Firebase Storage uses Google Cloud Storage. And Google Cloud Storage offers two options for this: Customer-supplied encryption keys, where the app provides a key, and customer-managed encryption keys, where the app provides the name of the server-side “encryption service account” in Google cloud storage.
I think my Java back-end that creates my files would be fine: The Firebase Admin SDK uses the Java Cloud Storage library. And there Storage.BlobTargetOption has an encryptionKey() method for the customer-supplied encryption key, and a kmsKeyName() method for the customer-managed encryption keys.
But I don’t see how I can download files with customer-supplied/managed encryption keys in Angular or Flutter. In Flutter, getting a reference to a file only lets me specify a path, not a key or key name. And getting a download URL for that reference has no parameters, so no key or key name here, either. The same is true for the Angular SDK: No way to specify a key or key name when creating the "bucket" to access a file (sorry, no link here) and when getting the file's download URL, either.
So: How do I download files with customer-supplied/managed encryption keys with Firebase Storage in Angular or Flutter?
