This page discusses the Object Retention Lock feature, which lets you set a
retention configuration on objects within Cloud Storage buckets that
have enabled the feature. A retention configuration governs how long the object
must be retained and has the option to permanently prevent the retention time
from being reduced or removed.
Object Retention Lock lets you define data retention requirements on a
per-object basis. This differs from Bucket Lock, which defines data
retention requirements uniformly for all objects in a bucket. With Object
Retention Lock, the retention configuration that you place on an object
contains the following properties:
A retain-until time that specifies a date and time until which the object
must be retained. Prior to this time, the object cannot be deleted or
replaced. Note that an object that hasn't reached this retain-until time can
still be made noncurrent.
The retain-until time has a maximum value of 3,155,760,000 seconds (100
years) from the current date and time.
A retention mode that controls what changes you can make to the retention
configuration.
Unlocked allows authorized users to modify or remove an object's
retention configuration without any limitations. In the XML API, this
mode is named GOVERNANCE.
Locked permanently prevents the retention date from being reduced or
removed. Once set to Locked, the mode cannot be changed, and
the retention period can only be increased. In the XML API, this
mode is named COMPLIANCE.
You can only set retention configurations on objects that reside in buckets
that have enabled the feature.
Existing buckets can only enable the feature using the Google Cloud console.
Once enabled, the feature cannot be disabled on a bucket.
After you enable the feature on a bucket, Cloud Storage applies a
lien to the projects.delete permission for the project that contains
the bucket, at best effort. To find out whether a lien has been applied,
list all project liens.
While in place, the lien prevents the project from being deleted. To delete
the project, you must first remove the lien.
Considerations
A bucket containing retained objects cannot be deleted until the retain-until
time on all objects in the bucket has passed and all objects inside the
bucket have been deleted.
An object can be subject to both its own retention configuration and an
overall bucket retention policy. If it is, the object is retained until
both retentions that apply to it have been satisfied.
You can use Object Lifecycle Management to automatically delete objects,
but a lifecycle rule won't delete an object until after the object has
reached its retention expiration date, even if the conditions of the
lifecycle rule have been met.
In buckets that use Object Versioning, a live object version that has a
retain-until time in the future can still be made noncurrent.
You shouldn't set retention configurations on objects that are meant to be
temporary, such as component pieces of a parallel composite upload.
An object's editable metadata is not subject to the retention
configuration and can be modified even when the object itself cannot be.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[],[],null,["# Object Retention Lock\n\n[Setup](/storage/docs/using-object-lock)\n\nThis page discusses the Object Retention Lock feature, which lets you set a\nretention configuration on objects within Cloud Storage buckets that\nhave enabled the feature. A retention configuration governs how long the object\nmust be retained and has the option to permanently prevent the retention time\nfrom being reduced or removed.\n\nIn conjunction with [Detailed audit logging mode](/storage/docs/org-policy-constraints#audit-logging), which logs\nCloud Storage request and response details, Object Retention Lock\n[can help with regulatory and compliance requirements](/security/compliance/sec-us), such as those\nassociated with FINRA, SEC, and CFTC. It can also help you address regulations\nin other industries such as health care.\n\nOverview\n--------\n\nObject Retention Lock lets you define data retention requirements on a\nper-object basis. This differs from [Bucket Lock](/storage/docs/bucket-lock), which defines data\nretention requirements uniformly for all objects in a bucket. With Object\nRetention Lock, the *retention configuration* that you place on an object\ncontains the following properties:\n\n- A *retain-until time* that specifies a date and time until which the object\n must be retained. Prior to this time, the object cannot be deleted or\n replaced. Note that an object that hasn't reached this retain-until time can\n still be [made noncurrent](/storage/docs/object-versioning).\n\n - The retain-until time has a maximum value of 3,155,760,000 seconds (100 years) from the current date and time.\n- A *retention mode* that controls what changes you can make to the retention\n configuration.\n\n - `Unlocked` allows authorized users to modify or remove an object's\n retention configuration without any limitations. In the XML API, this\n mode is named `GOVERNANCE`.\n\n - `Locked` permanently prevents the retention date from being reduced or\n removed. Once set to `Locked`, the mode cannot be changed, and\n the retention period can only be increased. In the XML API, this\n mode is named `COMPLIANCE`.\n\n - Locking a retention configuration can help your data\n [comply with record retention regulations](/security/compliance/sec-us).\n\nYou can only set retention configurations on objects that reside in buckets\nthat have enabled the feature.\n\n- Existing buckets can only enable the feature using the Google Cloud console.\n\n- Once enabled, the feature cannot be disabled on a bucket.\n\n- After you enable the feature on a bucket, Cloud Storage applies a\n [lien](/resource-manager/docs/project-liens) to the `projects.delete` permission for the project that contains\n the bucket, at best effort. To find out whether a lien has been applied,\n [list all project liens](/resource-manager/docs/project-liens#listing_liens_on_a_project).\n\n While in place, the lien prevents the project from being deleted. To delete\n the project, you must first [remove the lien](/resource-manager/docs/project-liens#removing_liens_from_a_project).\n\nConsiderations\n--------------\n\n- A bucket containing retained objects cannot be deleted until the retain-until\n time on all objects in the bucket has passed and all objects inside the\n bucket have been deleted.\n\n- An object can be subject to both its own retention configuration and an\n overall [bucket retention policy](/storage/docs/bucket-lock). If it is, the object is retained until\n both retentions that apply to it have been satisfied.\n\n - To see the earliest date that an object is eligible for deletion, [view the *retention expiration date* metadata](/storage/docs/viewing-editing-metadata#view) for the object.\n- Requests that attempt to set a retention configuration on a object that is\n subject to an [event-based hold](/storage/docs/object-holds) fail.\n\n - Requests that would simultaneously set a retention configuration for an\n object and place an event-based hold on the object similarly fail.\n\n - An object can simultaneously have a retention configuration and a\n [temporary hold](/storage/docs/object-holds).\n\n- You cannot destroy [Cloud Key Management Service key versions](/kms/docs/object-hierarchy#key_versions) that encrypt locked objects\n if the objects haven't met their retention expiration times. For more\n information, see [Key versions used to encrypt locked objects](/storage/docs/encryption/customer-managed-keys#locked-objects).\n\n- You can use [Object Lifecycle Management](/storage/docs/lifecycle) to automatically delete objects,\n but a lifecycle rule won't delete an object until after the object has\n reached its retention expiration date, even if the conditions of the\n lifecycle rule have been met.\n\n- In buckets that use [Object Versioning](/storage/docs/object-versioning), a live object version that has a\n retain-until time in the future can still be made noncurrent.\n\n- You shouldn't set retention configurations on objects that are meant to be\n temporary, such as component pieces of a [parallel composite upload](/storage/docs/parallel-composite-uploads).\n\n- An object's [editable metadata](/storage/docs/metadata#editable) is not subject to the retention\n configuration and can be modified even when the object itself cannot be.\n\nWhat's next\n-----------\n\n- [Use object retentions](/storage/docs/using-object-lock).\n- Learn about other Cloud Storage features that [protect objects and control their lifecycles](/storage/docs/control-data-lifecycles).\n- Learn about [Detailed audit logging mode](/storage/docs/org-policy-constraints#audit-logging), which can also help with regulatory and compliance requirements."]]
