diff --git a/package-lock.json b/package-lock.json
index 074c021..7680571 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "aws-lambda-stream",
-  "version": "1.1.5",
+  "version": "1.1.6",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "aws-lambda-stream",
-      "version": "1.1.5",
+      "version": "1.1.6",
       "license": "MIT",
       "dependencies": {
         "object-sizeof": "^2.6.0"
diff --git a/package.json b/package.json
index ccd2324..0b05acf 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "aws-lambda-stream",
-  "version": "1.1.5",
+  "version": "1.1.6",
   "description": "Create stream processors with AWS Lambda functions.",
   "keywords": [
     "aws",
diff --git a/src/utils/encryption.js b/src/utils/encryption.js
index 3a97167..2147154 100644
--- a/src/utils/encryption.js
+++ b/src/utils/encryption.js
@@ -128,10 +128,11 @@ export const encryptEvent = ({
       return _(Promise.resolve(uow));
     }
 
+    const eemMetadata = typeof eem === 'function' ? eem(uow[sourceField], uow) : eem;
     const p = encryptObject(uow[sourceField], {
       masterKeyAlias,
       regions,
-      ...eem, // fields and overrides
+      ...eemMetadata, // fields and overrides
       AES,
     })
       // .tap(debug)
diff --git a/test/unit/utils/encryption.test.js b/test/unit/utils/encryption.test.js
index 759e460..91b5f6d 100644
--- a/test/unit/utils/encryption.test.js
+++ b/test/unit/utils/encryption.test.js
@@ -91,6 +91,79 @@ describe('utils/encryption.js', () => {
         .done(done);
     });
 
+    it('should encrypt an event - trigger function w/ eem function', (done) => {
+      const events = toDynamodbRecords([
+        {
+          timestamp: 1572832690,
+          keys: {
+            pk: '1',
+            sk: 'thing',
+          },
+          newImage: {
+            pk: '1',
+            sk: 'thing',
+            discriminator: 'thing',
+            name: 'n1',
+            description: 'd1',
+            status: 's1',
+          },
+        },
+      ]);
+
+      fromDynamodb(events)
+        .through(encryptEvent({
+          eem: (event, _uow) => {
+            if (event.raw.new.discriminator === 'thing') {
+              return {
+                fields: ['name', 'description'],
+              };
+            }
+            return {
+              fields: [],
+            };
+          },
+          masterKeyAlias: 'alias/aws-kms-ee',
+          AES: false,
+        }))
+        .collect()
+        .tap((collected) => {
+          // console.log(JSON.stringify(collected, null, 2));
+
+          expect(collected.length).to.equal(1);
+          expect(collected[0].event).to.deep.equal({
+            id: '0',
+            type: 'thing-created',
+            partitionKey: '1',
+            timestamp: 1572832690000,
+            tags: {
+              region: 'us-west-2',
+            },
+            raw: {
+              new: {
+                pk: '1',
+                sk: 'thing',
+                discriminator: 'thing',
+                name: 'Im4xIg==',
+                description: 'ImQxIg==',
+                status: 's1',
+              },
+              old: undefined,
+            },
+            eem: {
+              masterKeyAlias: 'alias/aws-kms-ee',
+              dataKeys: {
+                'us-west-2': MOCK_GEN_DK_RESPONSE.CiphertextBlob.toString('base64'),
+              },
+              fields: [
+                'name',
+                'description',
+              ],
+            },
+          });
+        })
+        .done(done);
+    });
+
     it('should decrypt an event - listener function', (done) => {
       const events = toKinesisRecords([
         {