Object Lock: Manage the Compliance Lock

The Compliance Lock is the project-level switch that enables S3 Object Lock for all buckets in a STACKIT project. It must be activated before you can create buckets with Object Lock or configure retention policies.

Before you begin, you need:

  • A STACKIT project with Object Storage enabled
  • Appropriate project permissions

Activate the Compliance Lock for your project:

curl -X POST \
"https://object-storage.api.{region}.stackit.cloud/v1/project/{projectId}/compliance-lock" \
-H "Authorization: Bearer $TOKEN"

Response (HTTP 201):

{
"project": "cd5e788d-5b7b-4ab9-a20d-e790205df10b",
"maxRetentionDays": 365
}

Check whether the Compliance Lock is active for your project:

curl -X GET \
"https://object-storage.api.{region}.stackit.cloud/v1/project/{projectId}/compliance-lock" \
-H "Authorization: Bearer $TOKEN"

Response (HTTP 200):

{
"project": "cd5e788d-5b7b-4ab9-a20d-e790205df10b",
"maxRetentionDays": 365
}

Returns HTTP 404 if the Compliance Lock is not active.
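
The status check above, wrapped so a script can tell the 200 and 404 cases apart and read maxRetentionDays. This is an added example, not STACKIT's own code: the function names and the REGION and PROJECT_ID variables are assumptions, and TOKEN is used as in the curl commands on this page.

```bash
# Added example: audit whether the Compliance Lock is active for a project.
# REGION and PROJECT_ID are assumed variable names; TOKEN is used as on the page.

# Map an HTTP status code and response body to one state line.
#   200  -> "active <maxRetentionDays>"  (return 0)
#   404  -> "inactive"                   (return 1)
#   else -> "error <detail>"             (return 2)
classify_lock_response() {
  local status="$1" body="$2" days
  case "$status" in
    200)
      days=$(printf '%s\n' "$body" |
        sed -n 's/.*"maxRetentionDays"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' |
        head -n 1)
      if [ -z "$days" ]; then
        echo "error malformed-body"
        return 2
      fi
      echo "active $days"
      ;;
    404) echo "inactive"; return 1 ;;
    *)   echo "error http-$status"; return 2 ;;
  esac
}

# Query the status endpoint; the body goes to a temp file, the status code to stdout.
check_compliance_lock() {
  local url tmp status body
  url="https://object-storage.api.${REGION}.stackit.cloud/v1/project/${PROJECT_ID}/compliance-lock"
  tmp=$(mktemp) || return 2
  if ! status=$(curl -sS -o "$tmp" -w '%{http_code}' \
        -H "Authorization: Bearer $TOKEN" "$url"); then
    rm -f "$tmp"
    echo "error transport"
    return 2
  fi
  body=$(cat "$tmp")
  rm -f "$tmp"
  classify_lock_response "$status" "$body"
}

# Run the check only when all three variables are set.
if [ -n "${REGION:-}" ] && [ -n "${PROJECT_ID:-}" ] && [ -n "${TOKEN:-}" ]; then
  check_compliance_lock
fi
```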

Disable the Compliance Lock for your project:

curl -X DELETE \
"https://object-storage.api.{region}.stackit.cloud/v1/project/{projectId}/compliance-lock" \
-H "Authorization: Bearer $TOKEN"

Response (HTTP 200):

{
"project": "cd5e788d-5b7b-4ab9-a20d-e790205df10b",
"maxRetentionDays": 365
}

Important: The Compliance Lock can only be disabled if no buckets with Object Lock exist in the project. Since Object Lock cannot be removed from an existing bucket, you must delete all Object Lock-enabled buckets before you can disable the Compliance Lock.

Note: Buckets without Object Lock are not affected and do not need to be deleted.

A project with an active Compliance Lock cannot be deleted. Both the regular project deletion and force-delete endpoints return HTTP 409 Conflict if the Compliance Lock is active.

To delete a project, you must first disable the Compliance Lock.