I remember @Martin Fiser33 and I discussing this before, and I believe our own conclusion of that is that there is no way to do this.
We assume that there is sensitive data in a column, that would get encrypted in transit before it hits Keboola. In this case, I don't think there is any way, since any manipulation done on the data would happen in some way on Keboola infra.
I think our only solution, but i'm fuzzy on details, is that it needs to be encrypted on your servers, and can be joined and identified via id, and then pass it through Keboola, and then you will need to decrypt once it's at your dwh or wherever you are sending the data.
curious to hear others' thoughts though