What is Object Lock?
Object Lock is a feature that makes data immutable by preventing a file from being changed or deleted until a given date. This helps to protect files stored in Backblaze B2 Cloud Storage from threats like ransomware which could potentially encrypt or remove files you intend to keep.
How does Object Lock work?
Object Lock must be enabled on a bucket at the time the bucket is created. For files going into a bucket with Object Lock enabled, there are two ways to lock them. First, you can set a date when you upload the file as part of the call to our API. Second, you can set a date on a file that is already uploaded. For both methods, you must set a date to lock the file until and which mode you want to use. Attempts to delete the file or make any changes to it before the set date will fail. While you can use the second method to extend the lock on a file, you cannot use it to shorten the lock.
The majority of users will never have to interact with the API at all - integrations like Veeam will simply ask how long you want your files to be immutable and enable that functionality behind the scenes for you.
With Object Lock Legal Hold, the feature prevents a file from being changed or deleted, but the immutability does not have a defined retention period - a file is immutable until Object Lock Legal Hold is removed. Read here for more information.
Does Object Lock with Backblaze work the same way as it does with AWS?
From a functionality standpoint, Object Lock with Backblaze B2 Cloud Storage works the same way as it does with AWS. Files will be locked until the date a user sets on the file.
Is there an extra cost to use Object Lock?
There is no extra cost to use Object Lock, however you are responsible for the normal charges associated with storing the locked file.
Can Object Lock be enabled later on?
No, the Bucket that a file is in must have Object Lock enabled to use Object Lock on that file. The only option to enable Object Lock on a Bucket is when you make the bucket for the first time. This means you cannot enable Object Lock on any file in a Bucket that was not created with Object Lock enabled and it cannot be turned on after the fact. We have mimicked this behavior from AWS.
What happens if I made a mistake and locked a file for longer than I wanted?
If you have locked your file for longer than you intended then you will need to close your B2 account. For assistance in closing your B2 account please see either Canceling and Deleting a Backblaze Account or How Do I Cancel My B2 Account.
Can I use Immutability with Veeam?
Yes, Object Lock in B2 Cloud Storage was designed with the Immutability feature in Veeam Backup & Replication in mind. If you have enabled Object Lock on a bucket on your account you can follow our guide on how to set up Veeam with B2 Cloud Storage. For more information, see this page.
Can I use Object Lock on a bucket that does not have it enabled?
No, Object Lock can only be used on a bucket that has Object Lock enabled.
Can I use Object Lock with the B2 CLI/AWS CLI?
The AWS CLI is currently supported. The B2 CLI will be available soon. Here is an example of how to create a bucket with Object Lock enabled and upload a file to Backblaze B2 with an Object Lock, then check the retention period for that file:
Creating a Bucket:
aws s3api create-bucket --bucket <bucketname> --object-lock-enabled-for-bucket --endpoint-url <S3 Endpoint>
Upload a File:
aws s3api put-object --bucket <bucketname> --key <filename> --body <local_filename> --object-lock-mode COMPLIANCE --object-lock-retain-until-date "YYYY-MM-DD HH:MI:SS" --endpoint-url <S3 Endpoint>
Check Object Retention:
aws s3api get-object-retention --bucket <bucketname> --key <filename> --endpoint-url <S3 Endpoint>
Can I only use Object Lock with the S3 Compatibility API?
No, Object Lock is available via the S3 Compatibility API and the B2 Native API.
What happens after the end of the retention period?
Once the Object Lock retention period expires, a file may be changed or deleted.
Will Object Lock affect any other bucket or lifecycle settings?
Yes. When a file is locked, lifecycle settings or an integration setting attempting to change or delete the file will fail.
Can Object Lock only be enabled using the WEB UI? If not how can it be otherwise enabled?
Object Lock may be enabled by API or by using the web application. See this page for more information about our API. Default Bucket Retention and Object Lock Legal Hold may be enabled through the web application as well.
Can Object Lock Legal Hold be enabled for multiple files at once?
No, Object Lock Legal Hold may be applied only one file at a time during upload or updating a file.
What are examples of who or what Default Bucket Retention would usually apply to?
Default Bucket Retention is a great feature for those who want to ensure that their data is not changed or deleted. Refer to the Default Bucket Retention article for more information.