Object Lock prevents objects from being deleted or overwritten while a retention period is in effect. Use it for compliance (financial records, audit logs), ransomware protection, or any case where data integrity must be guaranteed.
Object Lock is a permanent bucket setting. It must be enabled at bucket creation time under Advanced options in the Create Bucket dialog. It cannot be enabled, disabled, or changed after the bucket is created.
When creating a bucket, expand Advanced options in the Create Bucket dialog and enable Object Lock before clicking Create Bucket. See Buckets → Create a bucket.
After creation, the Lock Settings tab will be active for the bucket and you can configure retention.
After bucket creation, find the lock state in two places:
The Lock Settings tab lets you manage retention policies for objects in the bucket. Object Lock applies to objects uploaded after retention is configured.
The Lock Settings tab shows the message:
“Object Lock Not Enabled — Object locking must be enabled when creating the bucket to use retention policies. This setting cannot be changed after bucket creation.”
The message is marked Permanent Bucket Setting. To use Object Lock for that workload, create a new bucket with the option turned on and migrate objects.
A locked object cannot be overwritten or deleted — not even by an Admin token — until the retention period expires. Use Object Lock together with API token scoping (Bucket policies) so that no path can bypass the lock.