Secure Snapshots can be created:
The easiest approach is with the Web UI. We go to the Configuration > Volumes menu, select the volume, and click the MORE menu.
The create snapshot window opens, which allows us to name the snapshot and to set its properties (read-only; secure):
For this example, we will set the expiration time to 15 minutes. But the interval can be set in the UI for minutes, hours, days, or weeks.
After creating the snapshot of our source volume, it appears and is marked both secure and read-only.
If we try to delete it or overwrite the contents, we receive the following error:
From the CLI, we would do something like the following to create a secure snapshot:
scli --snapshot_volume --volume_name source-fg-vol-1 \
--snapshot_name source-fg-vol-1-snap-1 --retention_period 15m
You are prompted to confirm the decision to create a secure snapshot:
Alternatively, users can preemptively approve the creation by adding the --i_am_sure flag to the command.
Specifying a retention period denotes the snapshot as secure and includes the read-only attribute. The time period is specified using m | h | D | W | M | Y respectively indicating minutes, hours, days, weeks, months, or years. Examples: 30m (thirty minutes), 5D (five days), 1M (one month, which equals 31 days).