This is certainly possible using new encryption schemes.
See sample code below:
Alice wants to send a message to a Resource Server X. The resource server saves the encrypted data in the cloud and I presume this is your use case.
Alice fetches a shared key for X and encrypts the message to be sent to X. This message can be stored on the public cloud and no one other than the resource server can decrypt this message not even administrators.
var HEClient = new ASKClient("Alice Resource Login Token","Alice Resource Name", "Alice Resource Login Token Password");
This is how alice will fetch the shared key for X
var sharedkey = HEClient.GetPreSharedKeyByKnownName("X",UnixTimeStamp);
This is how alice will encrypt the message
var encryptedmessage = HEClient.EncryptMessageUsingSharedKey("X",<Encrypted Message>,<sharedkey>);
Note here that internally the library also makes use of "Alice Resource Login Token Password" to encrypt the message.. This kind of encryption scheme is not currently available anywhere where the private passsword and shared key together is used to encrypt the message.
This encrypted message can be sent to the resource server. The resource server can download the shared key for alice by using the unix timestamp and save the shared key.
This encrypted message/file can be stored in the public cloud along with the shared key
(What?? saving it along with the key, that's right, the shared key is useless since the encryption and decryption also needs the resource secret(password) to decrypt the message like shown below)
var HEClient = new ASKClient("Resource X Login Token","Resource Name", "Resource Password");
Note here that the shared key of alice along with the resource password is required to decrypt the message
This is how Resource Server will fetch the shared key for X
var sharedkey = HEClient.GetPreSharedKeyByKnownName("alice resource name",UnixTimeStamp);
This is how Resource Server will decrypt the message
var decryptmessage = HEClient.DecryptMessageUsingSharedKey(<Encrypted Message>, sharedkey>);
You can search for this library in nuget:
ASK Client Library ASK Client nuget