Support customer-provided KMS key ARN for audit log streaming S3 encryption
Henna Abbas
Organizations using audit log streaming to S3 need to meet strict encryption requirements for compliance frameworks (SOC 2, HIPAA, etc.). Currently, CircleCI audit log streaming doesn't support customer-managed KMS keys for S3 bucket encryption, limiting organizations' ability to maintain full control over their encryption keys and meet certain security standards.
Requested Feature:
Add support for customers to provide their own KMS key ARN when configuring audit log streaming to S3.
This would allow:
Organizations to use their own customer-managed KMS keys (CMK) for encrypting audit logs at rest
Full control over key rotation, access policies, and encryption management
Compliance with security frameworks that require customer-controlled encryption
Integration with existing key management workflows and governance
Use Case:
Enterprise security teams need to maintain control over encryption keys for sensitive audit data to meet compliance requirements. This is especially critical for organizations in regulated industries (financial services, healthcare, government) where customer-managed encryption is often mandatory.