Product
AiStor Logo
Overview
What is AIStor?
Features
Replication Replication Versioning Versioning Observability Observability Encryption Encryption Key Management Server Key Management Server S3 Compatibility S3 Compatibility Object Immutability Object Immutability Catalog Catalog Object Prompt Object Prompt xxx Identity + Access Mgt Firewall Firewall AIHub AIHub Lifecycle Lifecycle Cache Cache Events and Lambdas Events and Lambdas Console Console
Tools
Erasure Code Calculator Erasure Code Calculator Determine your raw and usable capacity across a range of erasure coding settings. Reference Hardware Reference Hardware MinIO’s recommended Configuration and reference hardware for building large scale data infrastructure.
Solutions
AI Storage Learn how MinIO is leading the AI storage market from its exclusive features to performance at scale. HDFS Migration Modernize and simplify your big data storage infrastructure with cloud native storage with AIStor. Snowflake Learn how to leverage Snowflake external tables to query data without having to move it.
Integrations Integrations with MinIO Browse our expansive list of
integrations with links to the relevant
documentation.
Veeam Learn how MinIO and Veeam have partnered deliver superior RTO and RPO. Modern Datalakes Learn how modern, multi-engine data lakeshouses depend on MinIO's AIStor. Equinix Repatriate your data onto the cloud you control with MinIO and Equinix. SQL Server Learn how to leverage SQL Server 2022 with MinIO to run queries on your data without having to move it. Commvault Learn how Commvault and MinIO are partnered to deliver performance at scale for mission critical backup and restore workloads. Hybrid Cloud Learn how enterprises use MinIO to build AI data infrastructure that runs on any cloud - public, private or colo. Splunk Find out how MinIO is delivering performance at scale for Splunk SmartStores. VMware Discover how MinIO integrates with VMware across the portfolio from the Persistent Data platform to TKG and how we support their Kubernetes ambitions.
Open Source
Github Community Explore, experiment, ask questions and contribute. Docs Development guides. Slack Channel Open Forum for discussing topics related to MinIO.
Download MinIO Object Store Download MinIO Object Store Get MinIO's open source server, client, and SDK.
Resources
Resources Home Browse our library of white papers, solution briefs, benchmarks and videos. Blog Product updates, company news, and educational content. Training Learn the MinIO Way and Become a Data Infrastructure Expert.
Events Events Join us to take advantage to meet with MinIO partners, employees, and subject-matter experts.
Partner Pricing
Login Download
AIStor logo

Object Immutability

Protecting data from deletion (accidental or intentional) is a key compliance component. MinIO supports a complete range of functionality including object locking, retention, legal holds, governance, and compliance. Object locking can be used in conjunction with MinIO versioning to ensure data immutability and eliminate the risk of data tampering or destruction.
Object Locking
Object Locking

Object Retention

Object storage retention rules ensure that an object is WORM protected for some period of time. Object storage retention policy specifies retention periods set on an object version either explicitly or through a bucket default setting. A default lock configuration set at the bucket level applies to objects that are created subsequently, and does not apply retroactively to versions of objects created previously.

When the bucket default setting is used, a duration is set in either days or years that defines the length of time for which every object version placed in the bucket should be protected. A new object placed in the bucket inherits the protection duration as set for the bucket.

Retention periods may be set explicitly for an object version. Explicit retention periods specify a Retain Until Date for the object version. The Retain Until Date setting is stored in the object version's metadata and protects the object version until the retention period expires.

After the retention period expires, the object version can be deleted unless a legal hold was also placed on the object version.

Explicit retention mode settings override default bucket settings.

Retention periods can be extended easily by submitting a new lock request.

There are two types of modes used to set a retention period for objects and buckets in the Retention framework:

Governance Mode

Governance mode is used to protect objects from being deleted by standard users. Some users, however, will need to retain the permissions required to modify the retention settings or delete the objects. Those users will require special permissions such as the s3:BypassGovernanceRetention permission and DeleteObject permission.

Compliance Mode

Compliance mode is more restrictive and cannot be undone within the retention period. As a result, Compliance mode ensures that no one, including the root user, can delete an object during its retention period.

Legal Hold

Legal hold offers the same WORM protection as the retention period, but it has no expiration date. It is an indefinite hold that can only be removed by an authorized user.

Objects continue to be versioned while they have policies defined for retention or legal hold. A copy operation on a version of an object does not carry forward the retention and legal hold settings from the source bucket to the destination.

Object Immutability

MinIO Data Immutability Meets or Exceeds Cohasset
Certification Standards

The gold standard in object locking, retention, and legal holds is validation from Cohasset Associates. MinIO's object storage retention and data immutability have earned a positive assessment from Cohasset Associates, specifically regarding SEC Rule 17a-4(f), FINRA Rule 4511, and CFTC Regulation 1.31. Rule 17a-4 has specific requirements for electronic data storage, including many aspects of record management, such as the duration, format, quality, availability, and accountability of broker-dealer record retention.

A copy of the Cohasset Associates Assessment report can be downloaded in its entirety and shared with the appropriate regulator when storing data on MinIO. It details exactly how to configure MinIO to meet the requirements as well as the logic underpinning the object locking features.

Object Immutability

Learn more

MinIO earns Immutability badge from the Veeam Ready Program
Blog
MinIO earns Immutability badge from the Veeam Ready Program
Object Locking, Versioning, Holds and Modes in MinIO
Blog
Object Locking, Versioning, Holds and Modes in MinIO
Cohasset Associates Report
White Paper
Cohasset Associates Report

You are using Internet Explorer version 11 or lower. Due to security issues and lack of support for web standards, it is highly recommended that you upgrade to a modern browser.

Chrome Chrome Firefox Firefox Opera Opera Edge Edge