Object Locking and Retention
What is Object Locking?
Object Locking is a mechanism in S3‑compatible storage systems that protects objects in a bucket from modification or deletion. It enables the implementation of Write‑Once‑Read‑Many (WORM) models, where data remains immutable after being written. Object Locking is especially useful for meeting legal requirements, long‑term data retention, or immutability needs, such as legal, financial, or regulatory obligations.
Object Locking can be used in two ways:
- Legal Hold: a permanent protection mechanism without a time limit.
- Retention Periods: a time‑limited protection that automatically ends after a defined period.
Object Locking with Legal Hold
What is Legal Hold?
Legal Hold (German: "rechtliche Sperre") is a special protection mechanism for objects in your bucket that prevents objects from being deleted or changed – regardless of any configured retention periods. Once a Legal Hold is set, the object remains protected until the hold is explicitly removed.
Typical use cases for Legal Hold:
1) Compliance requirements:
- Compliance with legal retention obligations (e.g., GoBD, GDPR)
- Ensuring evidence preservation in legal disputes
2) Data forensics:
- Protecting critical data during investigations
- Preventing destruction of evidence
3) Important business documents:
- Contracts and agreements
- Financial records and accounting documents
- Logs and decision documentation
Practical usage (MinIO client)
# Enable Legal Hold for an object
mc legalhold set nws/my-bucket/contracts/important_contract.pdf
# Check status
mc legalhold info nws/my-bucket/contracts/important_contract.pdf
# Remove Legal Hold (if allowed)
mc legalhold clear nws/my-bucket/contracts/important_contract.pdf
Important properties of Legal Hold:
- Independent of Retention Periods: works in addition to any retention periods
- No time limit: stays active until explicitly cleared
- No automatic deletion: affected objects are protected from automatic deletion
What are Retention Periods?
Retention Periods (German: "Aufbewahrungsfristen") are time‑limited protection mechanisms that define how long an object in a bucket remains immutable and protected from deletion. After the defined period expires, the object is automatically released and can be deleted or overwritten again. Retention Periods are especially suitable for scenarios where data must be retained for a fixed period, e.g., due to legal regulations.
Practical usage of Retention Periods
# Set a retention period for an object (e.g., 30 days)
mc retention set governance 30d nws/my-bucket/contracts/important_contract.pdf
# Check retention period status
mc retention info nws/my-bucket/contracts/important_contract.pdf
Important properties of Retention Periods:
- Time‑limited: protection ends automatically after the period
- Flexibility: periods can be adjusted as needed
- Automatic release: objects become editable again after the period
Difference between Legal Hold and Retention Periods
| Feature | Legal Hold | Retention Period |
|---|---|---|
| Time limit | No | Yes |
| Automatic release | No | Yes (after expiry) |
| Compliance security | High | Medium |
| Flexibility | Low | Higher |
| Typical application | Legal holds, evidence preservation | Time‑limited retention |