Stay organized with collections
Save and categorize content based on your preferences.
This page guides you through how to set retention periods for storage buckets within Google Distributed Cloud (GDC) air-gapped environments. It covers the prerequisites and the steps for defining the length of time that data must be retained within a storage bucket using both the GDC console and command line interface (CLI). This information helps you meet your regulatory and data management requirements.
This page is for audiences such as IT administrators within the infrastructure operator group or developers within the application operator group who are responsible for configuring and managing storage bucket settings in GDC air-gapped environments. For more information, see Audiences for GDC air-gapped documentation.
Before you begin
A project namespace manages bucket resources in the Management API server. You
must have a project to work with buckets and objects.
You must also have the appropriate bucket permissions to perform the following
operation. See Grant bucket access.
Set a bucket retention period
Console
In the navigation menu, click Object Storage.
Click the name of the bucket that you want to update.
Click the Configuration tab.
In the Security section, next to the Retention policy field, click editEdit.
Edit the number of days with a value higher than the existing number of days and click Save.
CLI
By default, you can delete objects at any time. You can enable object locking
with a retention period to prevent all objects in the bucket from deletion for
the specified number of days. You cannot delete a bucket until you
delete all objects after the retention period.
You must enable object locking when creating the bucket. You cannot enable or
disable object locking after you create a bucket. However, you can modify the
default object retention period.
You can create a bucket with or without enabling object locking. If you've
enabled object locking, specifying a default retention period is optional.
To modify the retention period, update the
Bucket.spec.buckePolicy.lockingPolicy.defaultObjectRetentionDays field in the
Bucket resource.
The following is an example of updating the field in the Bucket resource:
Any updates to the retention period apply to objects created in the bucket after
the update. For pre-existing objects, the retention period does not change.
When you've enabled object locking, if you attempt to overwrite an object, you add a new
version of the object. You can retrieve both object versions. To retrieve object versions, see List storage objects.
To create a write-once, read-many (WORM) bucket, refer to the
WORM Bucket section.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eThis document outlines how to set and modify retention periods for Google Distributed Cloud (GDC) air-gapped storage buckets, which prevents objects from being deleted before the specified period.\u003c/p\u003e\n"],["\u003cp\u003eObject locking must be enabled when the bucket is created, and while it cannot be enabled or disabled after bucket creation, the default object retention period can be modified.\u003c/p\u003e\n"],["\u003cp\u003eYou can set the default object retention period via the console by updating the "Retention policy" field or using the command-line interface (CLI) by modifying the \u003ccode\u003eBucket.spec.buckePolicy.lockingPolicy.defaultObjectRetentionDays\u003c/code\u003e field.\u003c/p\u003e\n"],["\u003cp\u003eUpdating the retention period only affects objects created after the update; pre-existing objects are not impacted by changes to the retention period.\u003c/p\u003e\n"],["\u003cp\u003eWhen object locking is enabled, attempting to overwrite an object results in a new version being created, allowing users to retrieve both versions of the object.\u003c/p\u003e\n"]]],[],null,["# Set storage bucket retention periods\n\nThis page guides you through how to set retention periods for storage buckets within Google Distributed Cloud (GDC) air-gapped environments. It covers the prerequisites and the steps for defining the length of time that data must be retained within a storage bucket using both the GDC console and command line interface (CLI). This information helps you meet your regulatory and data management requirements.\n\nThis page is for audiences such as IT administrators within the infrastructure operator group or developers within the application operator group who are responsible for configuring and managing storage bucket settings in GDC air-gapped environments. For more information, see [Audiences for GDC air-gapped documentation](/distributed-cloud/hosted/docs/latest/gdch/resources/audiences).\n\nBefore you begin\n----------------\n\nA project namespace manages bucket resources in the Management API server. You\nmust have a [project](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/project-management) to work with buckets and objects.\n\nYou must also have the appropriate bucket permissions to perform the following\noperation. See [Grant bucket access](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/grant-obtain-storage-access#grant_bucket_access).\n\nSet a bucket retention period\n-----------------------------\n\n### Console\n\n1. In the navigation menu, click **Object Storage**.\n2. Click the name of the bucket that you want to update.\n3. Click the **Configuration** tab.\n4. In the Security section, next to the **Retention policy** field, click edit **Edit**.\n5. Edit the number of days with a value higher than the existing number of days and click **Save**.\n\n### CLI\n\nBy default, you can delete objects at any time. You can enable object locking\nwith a retention period to prevent all objects in the bucket from deletion for\nthe specified number of days. You cannot delete a bucket until you\ndelete all objects after the retention period.\n\nYou must enable object locking when creating the bucket. You cannot enable or\ndisable object locking after you create a bucket. However, you can modify the\ndefault object retention period.\n\nYou can create a bucket with or without enabling object locking. If you've\nenabled object locking, specifying a default retention period is optional.\n\nTo modify the retention period, update the\n`Bucket.spec.buckePolicy.lockingPolicy.defaultObjectRetentionDays` field in the\n[Bucket resource](../../apis/storage-krm-api.md).\n\nThe following is an example of updating the field in the Bucket resource: \n\n apiVersion: object.gdc.goog/v1\n kind: Bucket\n metadata:\n name: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eBUCKET_NAME\u003c/span\u003e\u003c/var\u003e\n namespace: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eNAMESPACE_NAME\u003c/span\u003e\u003c/var\u003e\n spec:\n description: \"This bucket has a default retention period specified.\"\n storageClass: Standard\n bucketPolicy:\n lockingPolicy:\n defaultObjectRetentionDays: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eRETENTION_DAY_COUNT\u003c/span\u003e\u003c/var\u003e\n ----------\n apiVersion: object.gdc.goog/v1\n kind: Bucket\n metadata:\n name: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eBUCKET_NAME\u003c/span\u003e\u003c/var\u003e\n namespace: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eNAMESPACE_NAME\u003c/span\u003e\u003c/var\u003e\n spec:\n description: \"This would enable object locking but not specify a default retention period.\"\n storageClass: Standard\n bucketPolicy:\n lockingPolicy:\n ----------\n apiVersion: object.gdc.goog/v1\n kind: Bucket\n metadata:\n name: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eBUCKET_NAME\u003c/span\u003e\u003c/var\u003e\n namespace: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eNAMESPACE_NAME\u003c/span\u003e\u003c/var\u003e\n spec:\n description: \"This bucket does not have locking or retention enabled.\"\n storageClass: Standard\n\nAny updates to the retention period apply to objects created in the bucket after\nthe update. For pre-existing objects, the retention period does not change.\n\nWhen you've enabled object locking, if you attempt to overwrite an object, you add a new\nversion of the object. You can retrieve both object versions. To retrieve object versions, see [List storage objects](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/list-storage-objects).\n\nTo create a write-once, read-many (WORM) bucket, refer to the\n[WORM Bucket](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/create-storage-worm-buckets) section."]]
