diff --git a/README.md b/README.md
index eed9692..52cfde4 100644
--- a/README.md
+++ b/README.md
@@ -195,6 +195,12 @@ The network proxy url used when sending requests to S3.
 
 *Default:* `undefined`
 
+### serverSideEncryption
+
+The Server-side encryption algorithm used when storing this object in S3 (e.g., AES256, aws:kms). Possible values include:
+  - "AES256"
+  - "aws:kms"
+
 ## Prerequisites
 
 The following properties are expected to be present on the deployment `context` object:
diff --git a/index.js b/index.js
index bd7d1be..58c3835 100644
--- a/index.js
+++ b/index.js
@@ -45,19 +45,20 @@ module.exports = {
       requiredConfig: ['bucket', 'region'],
 
       upload: function(context) {
-        var self         = this;
+        var self                  = this;
 
-        var filePattern   = this.readConfig('filePattern');
-        var distDir       = this.readConfig('distDir');
-        var distFiles     = this.readConfig('distFiles');
-        var gzippedFiles  = this.readConfig('gzippedFiles');
-        var bucket        = this.readConfig('bucket');
-        var acl           = this.readConfig('acl');
-        var prefix        = this.readConfig('prefix');
-        var manifestPath  = this.readConfig('manifestPath');
-        var cacheControl  = this.readConfig('cacheControl');
-        var expires       = this.readConfig('expires');
-        var dotFolders    = this.readConfig('dotFolders');
+        var filePattern           = this.readConfig('filePattern');
+        var distDir               = this.readConfig('distDir');
+        var distFiles             = this.readConfig('distFiles');
+        var gzippedFiles          = this.readConfig('gzippedFiles');
+        var bucket                = this.readConfig('bucket');
+        var acl                   = this.readConfig('acl');
+        var prefix                = this.readConfig('prefix');
+        var manifestPath          = this.readConfig('manifestPath');
+        var cacheControl          = this.readConfig('cacheControl');
+        var expires               = this.readConfig('expires');
+        var dotFolders            = this.readConfig('dotFolders');
+        var serverSideEncryption  = this.readConfig('serverSideEncryption');
 
         var filesToUpload = distFiles.filter(minimatch.filter(filePattern, { matchBase: true, dot: dotFolders }));
 
@@ -77,6 +78,10 @@ module.exports = {
           expires: expires
         };
 
+        if (serverSideEncryption) {
+          options.serverSideEncryption = serverSideEncryption;
+        }
+
         this.log('preparing to upload to S3 bucket `' + bucket + '`', { verbose: true });
 
         return s3.upload(options)
diff --git a/lib/s3.js b/lib/s3.js
index 0a3318b..286d425 100644
--- a/lib/s3.js
+++ b/lib/s3.js
@@ -99,14 +99,15 @@ module.exports = CoreObject.extend({
   },
 
   _putObjects: function(filePaths, options) {
-    var plugin           = this._plugin;
-    var cwd              = options.cwd;
-    var bucket           = options.bucket;
-    var prefix           = options.prefix;
-    var acl              = options.acl;
-    var gzippedFilePaths = options.gzippedFilePaths || [];
-    var cacheControl     = options.cacheControl;
-    var expires          = options.expires;
+    var plugin               = this._plugin;
+    var cwd                  = options.cwd;
+    var bucket               = options.bucket;
+    var prefix               = options.prefix;
+    var acl                  = options.acl;
+    var gzippedFilePaths     = options.gzippedFilePaths || [];
+    var cacheControl         = options.cacheControl;
+    var expires              = options.expires;
+    var serverSideEncryption = options.serverSideEncryption;
 
     mime.default_type = options.defaultMimeType || mime.lookup('bin');
 
@@ -140,6 +141,11 @@ module.exports = CoreObject.extend({
         CacheControl: cacheControl,
         Expires: expires
       };
+
+      if (serverSideEncryption) {
+        params.ServerSideEncryption = serverSideEncryption;
+      }
+
       if (isGzipped) {
         params.ContentEncoding = 'gzip';
       }
diff --git a/tests/unit/lib/s3-nodetest.js b/tests/unit/lib/s3-nodetest.js
index 2ba192e..24a7976 100644
--- a/tests/unit/lib/s3-nodetest.js
+++ b/tests/unit/lib/s3-nodetest.js
@@ -114,9 +114,36 @@ describe('s3', function() {
             assert.equal(s3Params.CacheControl, 'max-age=1234, public');
             assert.equal(s3Params.Expires, '2010');
             assert.isUndefined(s3Params.ContentEncoding);
+            assert.isUndefined(s3Params.ServerSideEncryption);
           });
       });
 
+      it('sets ServerSideEncryption using serverSideEncryption', function() {
+        var s3Params;
+        s3Client.putObject = function(params, cb) {
+          s3Params = params;
+          cb();
+        };
+
+        var options = {
+          filePaths: ['app.css'],
+          cwd: process.cwd() + '/tests/fixtures/dist',
+          prefix: 'js-app',
+          acl: 'public-read',
+          bucket: 'some-bucket',
+          cacheControl: 'max-age=1234, public',
+          expires: '2010',
+          serverSideEncryption: 'AES256'
+        };
+
+        var promise = subject.upload(options);
+
+        return assert.isFulfilled(promise)
+          .then(function() {
+            assert.equal(s3Params.ServerSideEncryption, 'AES256', 'ServerSideEncryption passed correctly');
+        });
+      });
+
       it('sends the correct content type params for gzipped files with .gz extension', function() {
         var s3Params;
         s3Client.putObject = function(params, cb) {