Skip to main content

Object Lock

Object Lock

EOS supports Object Locking, which enforces write-once-read-many (WORM) policies. Locked objects cannot be overwritten or deleted until their retention period expires. Object Lock supports two modes: Governance Lock and Legal Hold.

info

Object Lock can only be enabled at the time of bucket creation. It cannot be enabled on an existing bucket.

Enable Object Lock

When creating a bucket:

  1. Check the Enable Object Lock option on the bucket creation form.
  2. Once the bucket is created, navigate to the Object Lock tab.
  3. Set the desired retention period and select Governance as the lock mode.
  4. Save the configuration.

All objects uploaded to this bucket will automatically inherit the configured retention policy.

Governance Lock

When Governance Lock is active, every object uploaded inherits the configured retention period. The lock persists on individual objects even if you later disable Governance Lock at the bucket level.

To remove Governance Lock from a specific object version:

  1. Go to the Objects tab of the bucket.
  2. Click View all versions.
  3. Open the three-dot menu next to the version you want to modify.
  4. Select Lock Settings.
  5. Choose the option to remove the Governance Lock and save.

Legal Hold is a stricter, indefinite lock. It cannot be removed by retention period expiry — it must be explicitly cleared.

To enable or disable Legal Hold on a specific object version:

  1. Go to the Objects tab.
  2. Click See all versions.
  3. Open the three-dot menu for the object version.
  4. Click Lock Settings.
  5. Toggle Enable Legal Hold on or off.

Deleting Buckets with Locked Objects

A bucket containing objects under Governance Lock or Legal Hold cannot be fully deleted until all locks are cleared.

Reminder

Always verify object lock status before attempting to delete a bucket.