Soft delete for Azure Storage Blobs generally available
2 min read
Today we are excited to announce general availability of soft delete for Azure Storage Blobs! The feature is available in all regions for public, government and sovereign clouds.
When turned on, soft delete enables you to save and recover your data where blobs or blob snapshots are deleted. This protection extends to blob data that is erased as the result of an overwrite.
How does it work?
When data is deleted, it transitions to a soft deleted state instead of being permanently erased. When soft delete is on and you overwrite data, a soft deleted snapshot is generated to save the state of the overwritten data. Soft deleted objects are invisible unless explicitly listed. You can configure the amount of time soft deleted data is recoverable before it is permanently expired.
Soft deleted data is grey, while active data is blue. More recently written data appears beneath older data. When B0 is overwritten with B1, a soft deleted snapshot of B0 is generated. When the blob is deleted, the root (B1) also moves into a soft deleted state.
Soft delete is 100 percent backwards compatible; you don’t have to make changes to your applications to take advantage of the protections this feature affords. With this GA announcement, we have added support for tiering blobs with soft deleted snapshots. When Set Blob Tier is called on a blob with soft deleted snapshots, the snapshots will remain in the original storage tier and expire based on the retention period you configured.
When you create a new account, soft delete is off by default. Soft delete is also off by default for existing storage accounts. You can toggle the feature on and off at any time during the life of a storage account. Object-level soft delete is available for all storage account types and all storage tiers. It does not protect against container or account deletions. To learn how to protect a storage account from accidental deletes, please see the Azure Resource Manager article Lock Resources to Prevent Unexpected Changes.
Soft deleted data is billed at the same rate as active data. For more details on prices for Azure Blob Storage in general, check out the Azure Blob Storage Pricing Page.
Soft delete is supported by Azure Portal, .NET Client Library (version 9.0.0), Java Client Library (version 7.0.0), Python Client Library (version 1.1.0), Node.js Client Library (version 2.8.0), PowerShell (version 5.3.0) and CLI 2.0 (version 2.0.27). You can also directly use the Storage Services REST API as always. Soft delete is supported by REST API version 2017-07-29 and greater. In general, we always recommend using the latest version regardless of whether you are using this feature.
To enable soft delete using the Azure Portal, navigate to the “Soft delete” option under “Blob Service.” Then, click “Enabled” and enter the number of days you want to retain soft deleted data.
For more details on the feature see the soft delete documentation as well as this soft delete code sample.
If there is a chance that your data is accidentally modified or deleted by an application or other storage account user, we recommend turning on soft delete. Soft delete is one part of a data protection strategy and can help prevent inadvertent data loss.
Soft delete helps ensure that you can recover accidentally deleted or modified blob data. Soft delete is a key part of an overall data protection strategy that includes Azure Resource Manager locks as well as the ZRS, GRS, and RA-GRS replication tiers. We look forward to hearing feedback about this feature on this post or at Azure Feedback.