Passworded/client-side encrypted backups to upload to S3?

Say the Discourse forum contains sensitive material but we’d like to use the S3 backup feature. Is there a way (*) to encrypt the backup client side (or add a password etc) before sending the backup to the S3 bucket? Or does Discourse automatically do that using a local Discourse account password before uploading to S3?

The idea is the data shouldn’t be exposed to other 3rd parties beyond the current host.

(*) obviously other than using local backups and manually encrypt + upload those