bucket update

Updates the bucketType of an existing bucket.

Prints the ID of the bucket updated. Optionally stores bucket info, CORS rules and lifecycle rules with the bucket. These can be given as JSON on the command line.

If you want server-side encryption for all of the files that are uploaded to a bucket, you can enable SSE-B2 encryption as a default setting for the bucket. In order to do that pass --default-server-side-encryption=SSE-B2. The default algorithm is set to AES256 which can by changed with --default-server-side-encryption-algorithm parameter. All uploads to that bucket, from the time default encryption is enabled onward, will then be encrypted with SSE-B2 by default.

To disable default bucket encryption, use --default-server-side-encryption=none.

If --default-server-side-encryption is not provided, default server side encryption is determined by the server.


Note that existing files in the bucket are not affected by default bucket encryption settings.

Use –lifecycle-rule to set lifecycle rule for the bucket. Multiple rules can be specified by repeating the option.

–lifecycle-rules option is deprecated and cannot be used together with –lifecycle-rule.

To set a default retention for files in the bucket --default-retention-mode and --default-retention-period have to be specified. The latter one is of the form “X days|years”.


Setting file retention mode to ‘compliance’ is irreversible - such files can only be ever deleted after their retention period passes, regardless of keys (master or not) used. This is especially dangerous when setting bucket default retention, as it may lead to high storage costs.

This command can be used to set the bucket’s fileLockEnabled flag to true using the --file-lock-enabled option. This can only be done if the bucket is not set up as a replication source.


Once fileLockEnabled is set, it can NOT be reverted back to false

Please note that replication from file-lock-enabled bucket to file-lock-disabled bucket is not allowed, therefore if file lock is enabled on a bucket, it can never again be the replication source bucket for a file-lock-disabled destination.

Additionally in a file-lock-enabled bucket the file metadata limit will be decreased from 7000 bytes to 2048 bytes for new file versions Please consult b2_update_bucket official documentation for further guidance.

Requires capability:

  • writeBuckets

  • readBucketEncryption

and for some operations:

  • writeBucketRetentions

  • writeBucketEncryption

b2 bucket update [-h] [--bucket-info BUCKET_INFO] [--cors-rules CORS_RULES]
                 [--default-retention-mode {compliance,governance,none}]
                 [--default-retention-period period]
                 [--replication REPLICATION] [--file-lock-enabled]
                 [--default-server-side-encryption {SSE-B2,none}]
                 [--default-server-side-encryption-algorithm {AES256}]
                 [--lifecycle-rule LIFECYCLE_RULES | --lifecycle-rules LIFECYCLE_RULES]
                 bucketName [{allPublic,allPrivate}]

Positional Arguments


Target bucket name


Possible choices: allPublic, allPrivate

Named Arguments


If given, the bucket will have a ‘custom’ CORS configuration. Accepts a JSON string.


Possible choices: compliance, governance, none


If given, the bucket will have the file lock mechanism enabled. This parameter cannot be changed back.


Possible choices: SSE-B2, none


Possible choices: AES256

Default: “AES256”


Lifecycle rule in JSON format. Can be supplied multiple times.


(deprecated; use –lifecycle-rule instead) List of lifecycle rules in JSON format.