I wonder how you managed to run a repo on a S3 bucket with multiple hosts, where each host could only see its own snapshots, in the first place, since you had to give the repo password to each host, to be able to decrypt the repo.
You can, however, achieve this with your local Kopia server, easily, since Kopia’s API do support repo users, which have their own password. So only the Kopia server would have the repo password and handle all Kopia client requests on behalf of those clients. This has been the same for 0.7.x and 0.8.x and I really don’t know, if this would be easy to change, since this would mean to introduce some fundamental changes to the repo.
E.g. if you wanted to have “repo users” over the Web, there would have to be several keys to manage, whereas the blobs themselves share the same encryption key, but the fragments, which are describing each client’s snapshots would be have to be enrypted with the respective key of that repo user.
This is probably not impossible, but at least more complex. I wouldn’t hold my beath, waiting for it.