Working with buckets

Buckets in VMware Cloud Director Object Storage Extension represent containers to which you upload files.

To store your data in VMware Cloud Director Object Storage Extension, you work with buckets and objects. Buckets are containers for objects. Objects are documents and files that you store in the buckets.

You create a bucket and then upload the objects to that bucket. When you no longer need a bucket, you can delete it.

Depending on your role, you can perform different operations with buckets.

As an …	You can …
organization user	create, edit, share, empty, and delete your own buckets.
organization administrator	create, edit, share, empty, and delete all buckets within your organization.

For each bucket, you can activate versioning. Versioning is a means of keeping multiple versions of an object in the same bucket. You use versioning to preserve, retrieve, and restore every version of every object stored in your buckets. With versioning, you can easily recover from both unintended user actions and application failures. You activate and deactivate versioning at the bucket level. You can activate or deactivate versioning during the creation of a bucket, or you can edit the versioning configuration later. By default, versioning is inactive. When you create a bucket, you can optionally activate the object lock feature. If the feature is active, versioning for the bucket is also active. If the object lock feature is active for a bucket, you cannot deactivate versioning for the bucket.

To protect an object version from accidental or malicious deletion, activate the object lock feature and set a retention policy when you create a bucket. If you do not activate the object lock feature during the creation of a bucket, you cannot activate the feature for this bucket later. There are three retention modes you can select from:


Retention Mode	Description
Governance Mode	A user with specific permissions can preview the retention policy.
Compliance Mode	The retention policy is not displayed to any user.
No Retention	Does not require the selection of a retention period. If you select this option, you can define the retention period later.

To categorize your buckets, you use the object tagging feature and assign tags to individual objects. A tag represents a key-value pair.

You can set a default bucket encryption so that all objects are encrypted when they are stored in the bucket. By default, VMware Cloud Director Object Storage Extension does not enforce any bucket-level encryption. You can define an encryption method at the bucket level. If both server-side encryption and bucket encryption are configured, the bucket encryption configuration takes precedence. If you enforce an object-level encryption through the VMware Cloud Director Object Storage Extension API, the object-level encryption takes precedence over the bucket encryption configuration.


Encryption Method	Description
SSE-C	Use this option, if the organization administrator wants to manage their own encryption algorithms and primary keys. If you select this encryption type, you must select the encryption algorithm and specify or generate an encryption key. If a bucket is configured with SSE-C encryption, this bucket cannot be configured for replication. If a bucket is configured for replication, this bucket cannot be configured with SSE-C encryption.
SSE-S3	A server-side encryption method that uses an AES-256 algorithm. An S3 server manages the primary keys.
None	By default, VMware Cloud Director Object Storage Extension does not enforce bucket-level encryption.