Update-bucket command

Updates the bucketType of an existing bucket. Prints the ID of the bucket updated.

Optionally stores bucket info, CORS rules and lifecycle rules with the bucket. These can be given as JSON on the command line.

If you want server-side encryption for all of the files that are uploaded to a bucket, you can enable SSE-B2 encryption as a default setting for the bucket. In order to do that pass --defaultServerSideEncryption=SSE-B2. The default algorithm is set to AES256 which can by changed with --defaultServerSideEncryptionAlgorithm parameter. All uploads to that bucket, from the time default encryption is enabled onward, will then be encrypted with SSE-B2 by default.

To disable default bucket encryption, use --defaultServerSideEncryption=none.

If --defaultServerSideEncryption is not provided, default server side encryption is determined by the server.


Note that existing files in the bucket are not affected by default bucket encryption settings.

To set a default retention for files in the bucket --defaultRetentionMode and --defaultRetentionPeriod have to be specified. The latter one is of the form “X days|years”.


Setting file retention mode to ‘compliance’ is irreversible - such files can only be ever deleted after their retention period passes, regardless of keys (master or not) used. This is especially dangerous when setting bucket default retention, as it may lead to high storage costs.

Requires capability:

  • writeBuckets

  • readBucketEncryption

and for some operations:

  • writeBucketRetentions

  • writeBucketEncryption

b2 update-bucket [-h] [--bucketInfo BUCKETINFO] [--corsRules CORSRULES]
                 [--lifecycleRules LIFECYCLERULES]
                 [--defaultRetentionMode {compliance,governance,none}]
                 [--defaultRetentionPeriod period]
                 [--defaultServerSideEncryption {SSE-B2,none}]
                 [--defaultServerSideEncryptionAlgorithm {AES256}]
                 bucketName bucketType

Positional Arguments


Named Arguments


Possible choices: compliance, governance, none


Possible choices: SSE-B2, none


Possible choices: AES256

Default: “AES256”