mc retention set

The mc retention set command configures the Write-Once Read-Many (WORM) locking settings for an object or object(s) in a bucket. You can also set the default object lock settings for a bucket, where all objects without explicit object lock settings inherit the bucket default.

To lock an object under legal hold, use mc legalhold set.

Object Locking on Existing Buckets

Beginning with RELEASE.2025-05-20T20-30-00Z, AIStor allows setting object locking and retention rules on any existing bucket. Earlier versions of AIStor only allowed setting retention rules for buckets that allowed object locking at the bucket’s creation.

See mc mb --with-lock for documentation on creating buckets with object locking enabled.

Syntax

Example Syntax

The command has the following syntax:

mc [GLOBALFLAGS] retention set                         \
                 [--bypass]                            \
                 [--default]                           \
                 [--recursive]                         \
                 [--rewind "string"]                   \
                 [--versions]                          \
                 [--version-id "string"]*              \
                 MODE                                  \
                 "VALIDITY"                            \
                 ALIAS

Brackets [] indicate optional parameters.
Parameters sharing a line are mutually dependent.
Parameters separated using the pipe | operator are mutually exclusive.

Copy the example to a text editor and modify as-needed before running the command in the terminal/shell.

Parameters

MODE

Required

Sets the locking mode for the ALIAS. Specify one of the following supported values:

governance
compliance

See the AWS S3 documentation on Object Lock Overview for more information on the supported modes.

Requires specifying VALIDITY.

VALIDITY

Required

The duration which objects remain in the specified MODE after creation.

For days, specify a string formatted as Nd. For example, 30d for 30 days after object creation.
For years, specify a string formatted as Ny. For example, 1y for 1 year after object creation.

ALIAS

Required

The full path to the object or objects for which to set object lock configuration. Specify the alias for the AIStor or S3-compatible service and the full path to bucket. For example:

mc retention set play/mybucket/object.txt MODE VALIDITY

If the ALIAS specifies a bucket or bucket prefix, include --recursive to apply the object lock settings to the bucket contents.
mc retention set by default applies to only the latest object version.

Use --version-id or --versions to apply the object lock settings to a specific version or to all versions of the object respectively.

--bypass

Optional

Allows a user with the s3:BypassGovernanceRetention permission to modify the object. Requires the governance retention MODE.

--default

Optional

Sets the default object lock settings for the bucket specified to ALIAS using the MODE and VALIDITY. Any objects created in the bucket inherit the default object lock settings unless explicitly overridden using mc retention set.

If specifying --default, mc retention set ignores all other flags.

Beginning with RELEASE.2025-05-20T20-30-00Z, AIStor allows setting object locking on any existing bucket. Use the --default flag on an existing bucket to enable locking in the bucket.

--recursive, --r

Optional

Recursively applies the object lock settings to all objects in the specified ALIAS path.

Mutually exclusive with --version-id.

--rewind

Optional

Directs mc retention set to operate only on the object version(s) that existed at specified point-in-time.

To rewind to a specific date in the past, specify the date as an ISO8601-formatted timestamp. For example: --rewind "2025.03.24T10:00".
To rewind a duration in time, specify the duration as a string in #d#hh#mm#ss format. For example: --rewind "1d2hh3mm4ss".

--rewind requires that the specified ALIAS be an S3-compatible service that supports Bucket Versioning. For AIStor deployments, use mc version to enable or disable bucket versioning.

--version-id

Alias: --vid

Optional

Directs mc retention set to operate only on the specified object version.

--version-id requires that the specified ALIAS be an S3-compatible service that supports Bucket Versioning. For AIStor deployments, use mc version to enable or disable bucket versioning.

Mutually exclusive with any of the following flags:

--versions
--rewind
--recursive

--versions

Optional

Directs mc retention set to operate on all object versions that exist in the bucket.

--versions requires that the specified ALIAS be an S3-compatible service that supports Bucket Versioning. For AIStor deployments, use mc version to enable or disable bucket versioning.

Use --versions and --rewind together to apply the retention settings to all object versions that existed at a specific point-in-time.

Global flags

This command supports any of the global flags.

Examples

Set default bucket retention settings

Use mc retention set with the --recursive and --default to set the default bucket retention settings.

mc retention set  --recursive --default MODE DURATION ALIAS/PATH

Replace MODE with the retention mode to enable. AIStor supports the AWS S3 retention modes governance and compliance.
Replace DURATION with the duration which the object lock should remain in effect. For example, to set a retention period of 30 days, specify 30d.
Replace ALIAS with the alias of a configured S3-compatible host.
Replace PATH with the path to the bucket.

The bucket must have object locking enabled to use this command. You can only enable object locking when creating a bucket. See mc mb --with-lock for more information on creating buckets with object locking enabled.

Set object lock as default on existing bucket

Version changed

Beginning with RELEASE.2025-05-20T20-30-00Z, AIStor allows setting object locking and retention rules on any existing bucket.

The following command sets a default GOVERNANCE lock for 30 days on an existing bucket that was not initially created with locking enabled.

mc retention set --default GOVERNANCE "30d" myaistor/mybucket

After setting the default lock for the bucket, you can use mc retention set again to apply a lock to an existing object in the bucket.

mc retention set compliance 30d myaistor/mybucket/myobject.csv

Set object lock configuration for versioned object

Specific version

Use mc retention set with --version-id to apply the retention settings to a specific object version:

mc retention set --version-id VERSION MODE DURATION ALIAS/PATH

Replace VERSION with the version of the object.
Replace MODE with the retention mode to enable. AIStor supports the AWS S3 retention modes governance and compliance.
Replace DURATION with the duration which the object lock should remain in effect. For example, to set a retention period of 30 days, specify 30d.
Replace ALIAS with the alias of a configured S3-compatible host.
Replace PATH with the path to the object.

All versions

Use mc retention set with --versions to apply the retention settings to a specific object version:

mc retention set --versions  MODE DURATION ALIAS/PATH

Replace MODE with the retention mode to enable. AIStor supports the AWS S3 retention modes governance and compliance.
Replace DURATION with the duration which the object lock should remain in effect. For example, to set a retention period of 30 days, specify 30d.
Replace ALIAS with the alias of a configured S3-compatible host.
Replace PATH with the path to the object.

Behavior

Retention of object versions

For buckets with versioning enabled, mc retention set by default operates on the latest version of the target object or object(s). mc retention set includes specific options that when explicitly specified direct the command to operate on either a specific object version or all versions of an object:

Specific object version

To direct mc retention set to operate on a specific version of an object, include the --version-id argument:

mc retention set --version-id

All object versions

To direct mc retention set to operate on all versions of an object, include the --versions argument:

mc retention set --versions

Interaction with legal holds

Locking an object prevents any modification or deletion of that object, similar to the COMPLIANCE object locking mode. Objects can have simultaneous retention-based locks and legal hold locks.

The legal hold lock overrides any retention locking, such that an object under legal hold remains locked even if the retention period expires. Setting, modifying, or clearing retention settings for an object under legal hold has no effect until the legal hold either expires or is explicitly disabled.

For more information on object legal holds, see mc legalhold.

S3 compatibility

The mc commandline tool is built for compatibility with the AWS S3 API and is tested with AIStor and AWS S3 for expected functionality and behavior.

MinIO provides no guarantees for other S3-compatible services, as their S3 API implementation is unknown and therefore unsupported.

While mc commands may work as documented, any such usage is at your own risk.