Update-bucket command

Updates the bucketType of an existing bucket. Prints the ID of the bucket updated.

Optionally stores bucket info, CORS rules and lifecycle rules with the bucket. These can be given as JSON on the command line.

If you want server-side encryption for all of the files that are uploaded to a bucket, you can enable SSE-B2 encryption as a default setting for the bucket. In order to do that pass --defaultServerSideEncryption=SSE-B2. The default algorithm is set to AES256 which can by changed with --defaultServerSideEncryptionAlgorithm parameter. All uploads to that bucket, from the time default encryption is enabled onward, will then be encrypted with SSE-B2 by default.

To disable default bucket encryption, use --defaultServerSideEncryption=none.

If --defaultServerSideEncryption is not provided, default server side encryption is determined by the server.


Note that existing files in the bucket are not affected by default bucket encryption settings.

To set a default retention for files in the bucket --defaultRetentionMode and --defaultRetentionPeriod have to be specified. The latter one is of the form “X days|years”.


Setting file retention mode to ‘compliance’ is irreversible - such files can only be ever deleted after their retention period passes, regardless of keys (master or not) used. This is especially dangerous when setting bucket default retention, as it may lead to high storage costs.

This command can be used to set the bucket’s fileLockEnabled flag to true using the --fileLockEnabled option. This can only be done if the bucket is not set up as a replication source.


Once fileLockEnabled is set, it can NOT be reverted back to false

Please note that replication from file-lock-enabled bucket to file-lock-disabled bucket is not allowed, therefore if file lock is enabled on a bucket, it can never again be the replication source bucket for a file-lock-disabled destination.

Additionally in a file-lock-enabled bucket the file metadata limit will be decreased from 7000 bytes to 2048 bytes for new file versions Please consult b2_update_bucket official documentation for further guidance.

Requires capability:

  • writeBuckets

  • readBucketEncryption

and for some operations:

  • writeBucketRetentions

  • writeBucketEncryption

b2 update-bucket [-h] [--profile PROFILE] [--bucketInfo BUCKETINFO]
                 [--corsRules CORSRULES] [--lifecycleRules LIFECYCLERULES]
                 [--defaultRetentionMode {compliance,governance,none}]
                 [--defaultRetentionPeriod period] [--replication REPLICATION]
                 [--defaultServerSideEncryption {SSE-B2,none}]
                 [--defaultServerSideEncryptionAlgorithm {AES256}]
                 bucketName [{allPublic,allPrivate}]

Positional Arguments


Possible choices: allPublic, allPrivate

Named Arguments


Possible choices: compliance, governance, none


If given, the bucket will have the file lock mechanism enabled. This parameter cannot be changed back.


Possible choices: SSE-B2, none


Possible choices: AES256

Default: “AES256”