Skip to content

Added documentation for R2 bucket locks #19477

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Jan 31, 2025
Merged

Added documentation for R2 bucket locks #19477

Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d7073b9
Added documentation for R2 bucket locks
jonesphillip Jan 27, 2025
434f692
Clarify locks apply to both new and existing objects.
jonesphillip Jan 28, 2025
c5b769e
Apply suggestions from code review
jonesphillip Jan 28, 2025
4e04711
Fix typo in API docs url
jonesphillip Jan 31, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
77 changes: 77 additions & 0 deletions src/content/docs/r2/buckets/bucket-locks.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
---
title: Bucket locks
Copy link
Contributor

@Oxyjun Oxyjun Jan 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
title: Bucket locks
title: Use bucket locks

Do you think it's worth changing this title, and removing the "Get started with bucket locks" H2 below?

pcx_content_type: how-to
---

Bucket locks prevent the deletion and overwriting of objects in an R2 bucket for a specified period — or indefinitely. When enabled, bucket locks enforce retention policies on your objects, helping protect them from accidental or premature deletions.

## Get started with bucket locks
Copy link
Contributor

@Oxyjun Oxyjun Jan 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
## Get started with bucket locks


### Prerequisites
Copy link
Contributor

@Oxyjun Oxyjun Jan 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
### Prerequisites
## Prerequisites


Before getting started, you will need:

- An existing R2 bucket. If you do not already have an existing R2 bucket, refer to [Create buckets](/r2/buckets/create-buckets/).
- An API token with [permissions](/r2/api/s3/tokens/#permissions) to edit R2 bucket configuration.

:::note

Bucket locks are currently configurable via API only.
:::

### Enable bucket lock via API
Copy link
Contributor

@Oxyjun Oxyjun Jan 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
### Enable bucket lock via API
## Enable bucket lock via API


Below is an example of setting a bucket lock configuration (a collection of rules):

```bash
curl -X PUT "https://api.cloudflare.com/client/v4/accounts/<ACCOUNT_ID>/r2/buckets/<BUCKET_NAME>/lock" \
-H "Authorization: Bearer <API_TOKEN>" \
-H "Content-Type: application/json" \
-d '{
"rules": [
{
"id": "lock-logs-7d",
"enabled": true,
"prefix": "logs/",
"condition": {
"type": "Age",
"maxAgeSeconds": 604800
}
},
{
"id": "lock-images-indefinite",
"enabled": true,
"prefix": "images/",
"condition": {
"type": "Indefinite"
}
}
]
}'
```

This request creates two rules:

- `lock-logs-7d`: Objects under the `logs/` prefix are retained for 7 days (604800 seconds).
- `lock-images-indefinite`: Objects under the `images/` prefix are locked indefinitely.

For more information on required parameters and examples of how to enable bucket lock, refer to the [API documentation](/api/resources/r2/subresources/buckets/subresources/lock/methods/update/). For information about getting started with the Cloudflare API, refer to [Make API calls](/fundamentals/api/how-to/make-api-calls/).

### Get bucket lock rules via API
Copy link
Contributor

@Oxyjun Oxyjun Jan 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
### Get bucket lock rules via API
## Get bucket lock rules via API


For more information on required parameters and examples of how to get bucket lock rules, refer to the [API documentation](/api/resources/r2/subresources/buckets/subresources/lock/methods/update/).

## Bucket lock rules
Copy link
Contributor

@Oxyjun Oxyjun Jan 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've not turned this H2 into a H1, as we don't typically have H1s later in the page. I personally think this still works?

We can consider adding numbers to the other H2s if we want to emphasise a sense of progression.


A bucket lock configuration can include up to 1,000 rules. Each rule specifies which object it covers (via prefix) and how long those objects must remain locked. You can:

- Lock objects for a specific duration. For example, 90 days.
- Retain objects until a certain date. For example, until January 1, 2026.
- Keep objects locked indefinitely.

If multiple rules apply to the same prefix or object key, the strictest (longest) retention requirement takes precedence.

## Notes

- Rules without prefix apply to all objects in the bucket.
- Bucket lock rules take precedence over [lifecycle rules](/r2/buckets/object-lifecycles/). For example, if a lifecycle rule attempts to delete an object at 30 days but a bucket lock rule requires it be retained for 90 days, the object will not be deleted until the 90-day requirement is met.
Loading