Hello, as the title suggests, I’m currently writing a docker compose script to host my NextCloud instance, but I noticed in the documents that you’re supposed to back up the encryption keys once you enable server-side encryption, but it makes no mention of whether those keys will be automatically sent to the object storage (specifically, Backblaze B2 using their S3-compatible API) I will be setting up as the primary storage.
Has anyone done both of the above? I’ll come up with a backup solution for myself if that ends up not being the case.
You can’t check on the object storage if there are keys uploaded as well? The server side encryption should protect against non-trustworthy external storage, so it would make sense to not upload the keys and just the encrypted files (that are useless for the third-party providing your external storage).
I was a bit confused because from what I read (and now confirmed), Nextcloud strips all the metadata away from your files and keeps them in your database instead.
I’ve just checked as well that there are basically no encryption keyfiles in both the data directory and the encryption app’s directory.
Not sure whether that is intended or not, but it does save me the hassle of having to deal with backups of those keys in the first place.
I do not use server-side-encryption.
Nextcloud is free software. First I must understand the mechanism. But I found no documentation on the internet. The risk of encryption would be far too great for me.
Here is a link behind a paywall. I think it is best that only enterprise users use this feature.
How does the server-side encryption mechanism work?