Remove object lock in governance mode

I’m aware this might be a bit of a silly situation. I signed up for the 30 day trial and figured I’d try the object lock feature. For some reason I picked 1 year as a retention with governance as mode. The reasoning being I could always bypass the object lock as per the description.

Well. I’m unable to unlock the bucket or delete the files. Are my files held “hostage” for a year even if the trial runs out? Would be very nice if someone would be able to just delete my project and/or bucket.

Technically, once you lose the keys, your files are as good as gone. I would not worry about inaccessible data sitting for however long.

Using the word “unlock” might have been a poor choice. I can open the bucket and view the files. Just can’t remove the object lock nor delete the files.

Ah, got it, makes sense.

But the point still stands – you can forget the encryption keys and your files are effectively gone.

When you say “can’t remove the object lock” – have you tried the CLI? The web frontend does not support that. From https://storj.dev/dcs/objects#bypassing-governance-mode:

A user with the BypassGovernanceRetention permission may remove the retention period for an object locked with Governance Mode using the AWS CLI or other AWS SDK.

The Storj Console currently doesn’t support this feature.


I’m trying. But frankly I don’t understand how to use these commands. I’ve managed to set up the CLI after going the entirely wrong route of registering an AWS account, just to find out I was supposed to use the Storj access keys to configure the CLI.

I’m able to authenticate and run the s3 ls command… but no clue how to run the following:

aws s3api put-object-retention \
  --bucket my-object-lock-bucket \
  --key my-file.txt \
  --version-id <version-id> \
  --retention "{}" \
  --bypass-governance-retention \
  --endpoint-url https://gateway.storjshare.io

Edit: Was able to run this as one string in CMD. But I’ve still got no clue what .txt file I’m supposed to provide. Nor what any of the other parameters require.

Edit2: Getting closer. Running the following command:

aws s3api --endpoint-url https://gateway.storjshare.io put-object-retention --bucket MYBUCKET --key FILENAME --retention "{}" --bypass-governance-retention

returns:

Missing required header for this request: Content-Md5.

Your command is correct. Storj is not yet compatible with the latest version of the AWS CLI; see “Announcement: S3 default integrity change · Issue #9214 · aws/aws-cli · GitHub”. I think your put-object-retention command should work if you downgrade to version 2.22.35 or earlier.

Another option is to delete them directly; this does work on the latest aws cli version.

aws --endpoint-url https://gateway.storjshare.io s3api delete-object --bucket MYBUCKET --key FILENAME --version-id VERSIONID --bypass-governance-retention


I’m afraid the delete command does not work. Just spawns a new version of the files.

I’ve downgraded to v2.22.35, which allows me to change the retention policy. Is there a way to do this to an entire folder? There’s a couple of hundred photos… it’s a slow process to do it one-by-one.

Edit: Just finished deleting all files. Learned a valuable lesson, I guess. Thanks for the help!

You must use the --version-id parameter to delete an object in a bucket with versioning enabled or you will only be creating delete markers.

To change the retention policy for every object in a bucket I think you’d need to write some code.

Happy to hear you were able to get everything cleaned up!
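One way to script the per-version delete described above, as an added example that is not part of the original posts or Storj's own tooling: it reads the JSON printed by `aws s3api list-object-versions` and builds one `delete-object` call per version, and goes a step further by also removing delete markers. The function names and sample listing are constructed for illustration, and it assumes the gateway returns the standard `Versions`/`DeleteMarkers` listing; commands are argv lists, so keys containing spaces or shell metacharacters are never parsed by a shell.

```python
import json
import subprocess

ENDPOINT = "https://gateway.storjshare.io"  # endpoint used in the thread

# Constructed sample of `aws s3api list-object-versions` JSON output (not real data).
SAMPLE_LISTING = json.loads("""
{
  "Versions": [
    {"Key": "photos/a b.jpg", "VersionId": "v1", "IsLatest": false},
    {"Key": "photos/trip; 2024 $HOME.jpg", "VersionId": "v2", "IsLatest": true},
    {"Key": "docs/keep.txt", "VersionId": "v3", "IsLatest": true}
  ],
  "DeleteMarkers": [
    {"Key": "photos/a b.jpg", "VersionId": "m1", "IsLatest": true}
  ]
}
""")


def build_delete_commands(listing, bucket, prefix="", endpoint=ENDPOINT):
    """Return one argv list per object version and delete marker under prefix."""
    commands = []
    for section, locked in (("Versions", True), ("DeleteMarkers", False)):
        # The CLI omits a section entirely when it is empty.
        for entry in listing.get(section) or []:
            if not entry["Key"].startswith(prefix):
                continue
            argv = ["aws", "--endpoint-url", endpoint, "s3api", "delete-object",
                    "--bucket", bucket, "--key", entry["Key"],
                    "--version-id", entry["VersionId"]]
            if locked:
                # Only real versions carry a retention period to bypass.
                argv.append("--bypass-governance-retention")
            commands.append(argv)
    return commands


def run(commands, dry_run=True):
    """Print the commands, or execute them without a shell when dry_run is False."""
    for argv in commands:
        if dry_run:
            print(argv)
        else:
            subprocess.run(argv, check=True)  # argv list: key is never shell-parsed


if __name__ == "__main__":
    run(build_delete_commands(SAMPLE_LISTING, "MYBUCKET", prefix="photos/"))
```

Review the dry-run output before calling `run(..., dry_run=False)`; the deletes are permanent once the governance bypass is applied.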

You may also configure rclone with Storj S3 (you need to have BypassGovernanceRetention permission in your S3 credentials) and use this method:

rclone purge us1-gw-mt:my-locked-bucket --header "x-amz-bypass-governance-retention:true"

However, it requires that you know the encryption phrase.

The other method would be using uplink not older than Release v1.124.6 (storj/storj on GitHub):

uplink ls --encrypted --recursive --all-versions sj://locked-bucket/ -o json | jq '"uplink rm --encrypted --bypass-governance-retention --version-id " + .versionId + " sj://locked-bucket/" + .key' -r | bash