@mafredri mafredri commented Dec 1, 2025

Add RetentionConfig with server flags for configuring data retention:

  • --audit-logs-retention: retention for audit log entries
  • --connection-logs-retention: retention for connection logs
  • --api-keys-retention: retention for expired API keys (default 7d)

Note: AI Bridge already has retention flags which are kept separate from RetentionConfig, which only affects core coderd.

Updates #20743


PR Stack

| PR | Title |
|----|-------|
| 👉 #21021 | feat(coderd): add retention policy configuration |
| #21022 | feat(coderd/database/dbpurge): add retention for connection logs |
| #21025 | feat(coderd/database/dbpurge): add retention for audit logs |
| #21037 | feat(coderd/database/dbpurge): make API keys retention configurable |
| #21038 | docs: add data retention documentation |
| #21039 | feat: add retention config for workspace_agent_logs |

@mafredri mafredri force-pushed the mafredri/feat-coderd-db-retention-policy branch from 75a0de4 to b5e66fa Compare December 1, 2025 13:03
@mafredri mafredri marked this pull request as ready for review December 1, 2025 13:12

@mtojek mtojek left a comment

Wait a sec, is it only deployment config, or are you going to use these options soon? If the plan is to continue after some time, maybe park these changes in a side branch. Otherwise the commit message will be confusing.

mafredri commented Dec 1, 2025

@mtojek #21022

mafredri added a commit that referenced this pull request Dec 1, 2025
Add `DeleteOldConnectionLogs` query and integrate it into the `dbpurge`
routine. Retention is controlled by `--retention-connection-logs` flag,
falling back to `--retention-global` when not set. Disabled (0) by
default.

Depends on #21021
Updates #20743

@mtojek mtojek left a comment

Thanks for context 👍 👍

mafredri added a commit that referenced this pull request Dec 1, 2025
Add configurable retention policy for audit logs. The DeleteOldAuditLogs
query excludes deprecated connection events (connect, disconnect, open,
close) which are handled separately by DeleteOldAuditLogConnectionEvents.

Falls back to global retention if audit logs retention is unset.
Disabled (0) by default.

Depends on #21021
Updates #20743
mafredri added a commit that referenced this pull request Dec 1, 2025
Replace hardcoded 7-day retention for expired API keys with configurable
retention from deployment settings. Falls back to global retention when
not set, and skips deletion entirely when effective retention is 0.

Depends on #21021
Updates #20743
mafredri added a commit that referenced this pull request Dec 1, 2025
Document configurable retention policies for Audit Logs, Connection Logs,
and API keys. Add new data-retention.md page and update existing docs to
reference it.

Depends on #21021
Updates #20743
Add `RetentionConfig` with server flags for configuring data retention:

- `--global-retention`: default policy for all retention settings
- `--audit-logs-retention`: retention for audit log entries
- `--connection-logs-retention`: retention for connection logs
- `--api-keys-retention`: retention for expired API keys (default 7d)

Updates #20743
@mafredri mafredri force-pushed the mafredri/feat-coderd-db-retention-policy branch from b34ee61 to d5062e2 Compare December 2, 2025 09:48
Remove the global retention fallback in favor of explicit per-topic
retention settings. This makes the retention behavior clearer and
easier for operators to reason about.

Each retention setting now:
- Enables retention when set to a non-zero duration
- Disables retention (keep indefinitely) when set to 0
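
The per-setting semantics in the commit message above (0 keeps data indefinitely, a non-zero duration enables purging), combined with the audit-log commit's exclusion of deprecated connection events, sketched in Go. This is an added example, not code from the PR: `row`, `cutoff`, `purgeAuditLogs`, the in-memory slice and the handling of negative durations are assumptions, whereas coderd performs the deletion with database queries in the `dbpurge` routine.

```go
package main

import (
	"fmt"
	"time"
)

// row is a hypothetical in-memory stand-in for an audit log record.
type row struct {
	Action string
	At     time.Time
}

// Deprecated connection events: excluded from DeleteOldAuditLogs per the commit message.
var connEvents = map[string]bool{"connect": true, "disconnect": true, "open": true, "close": true}

// cutoff maps a retention setting to a deletion boundary; ok=false means purging is disabled.
func cutoff(retention time.Duration, now time.Time) (before time.Time, ok bool) {
	if retention <= 0 { // 0 = keep indefinitely; negative treated the same (assumption)
		return time.Time{}, false
	}
	return now.Add(-retention), true
}

// purgeAuditLogs returns the surviving rows and the number deleted.
func purgeAuditLogs(rows []row, retention time.Duration, now time.Time) ([]row, int) {
	before, ok := cutoff(retention, now)
	if !ok {
		return rows, 0 // retention disabled: nothing is touched
	}
	kept := make([]row, 0, len(rows))
	for _, r := range rows {
		if r.At.Before(before) && !connEvents[r.Action] {
			continue // past the boundary and not a connection event: delete
		}
		kept = append(kept, r)
	}
	return kept, len(rows) - len(kept)
}

func main() {
	now := time.Date(2025, 12, 2, 0, 0, 0, 0, time.UTC) // constructed sample data
	old := now.AddDate(0, 0, -400)
	rows := []row{{"login", old}, {"connect", old}, {"create", now.AddDate(0, 0, -10)}}
	for _, ret := range []time.Duration{0, 365 * 24 * time.Hour} {
		kept, n := purgeAuditLogs(rows, ret, now)
		fmt.Printf("retention=%v kept=%d deleted=%d\n", ret, len(kept), n)
	}
}
```

With retention at 0 every audit record survives, which is the behaviour to confirm before relying on these logs as long-term forensic evidence or, conversely, before assuming old records are being purged.
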
mafredri added a commit that referenced this pull request Dec 2, 2025
Add `DeleteOldConnectionLogs` query and integrate it into the `dbpurge`
routine. Retention is controlled by `--retention-connection-logs` flag,
falling back to `--retention-global` when not set. Disabled (0) by
default.

Depends on #21021
Updates #20743
mafredri added a commit that referenced this pull request Dec 2, 2025
Add configurable retention policy for audit logs. The DeleteOldAuditLogs
query excludes deprecated connection events (connect, disconnect, open,
close) which are handled separately by DeleteOldAuditLogConnectionEvents.

Falls back to global retention if audit logs retention is unset.
Disabled (0) by default.

Depends on #21021
Updates #20743
mafredri added a commit that referenced this pull request Dec 2, 2025
Replace hardcoded 7-day retention for expired API keys with configurable
retention from deployment settings. Falls back to global retention when
not set, and skips deletion entirely when effective retention is 0.

Depends on #21021
Updates #20743
mafredri added a commit that referenced this pull request Dec 2, 2025
Document configurable retention policies for Audit Logs, Connection Logs,
and API keys. Add new data-retention.md page and update existing docs to
reference it.

Depends on #21021
Updates #20743
@mafredri mafredri merged commit 56e7858 into main Dec 2, 2025
37 checks passed
@mafredri mafredri deleted the mafredri/feat-coderd-db-retention-policy branch December 2, 2025 14:04
@github-actions github-actions bot locked and limited conversation to collaborators Dec 2, 2025