Data security FAQ

What happens during data deletion?

When an instance is deleted, Cloud Databases holds the block storage volume and Cloud Object Storage (COS) bucket in a “soft delete” state up to 3 days before deletion. After that 3-day period, we issue a delete to the COS and block storage services for those data volumes.

For more information on volume deletions, see What happens to the data when Block Storage for Classic volumes are deleted?.

For more information on bucket deletions, see Object Storage data deletion.

In accordance with GDPR and other regulations, Cloud Databases retains instance logs for 30 days. After 30 days, it is deleted through the same process as a COS bucket.

Instances that are configured with the optional bring your own key (BYOK) capability have their data shredded. The data is inaccessible when the customer-owned encryption key is deleted from the Key Protect or Hyperprotect Crypto Services instance. For more information, see Deleting your deployment and removing your data.

What are user password requirements?

Database user passwords are required to be a minimum of 15 characters, contain at least one letter and number, and a mix of uppercase and lowercase letters. Password complexity validation occurs for database users created using the IBM Cloud console, CLI, API, and Terraform.

These password complexity requirements for Cloud Databases users became effective on 24 February 2025. When updating a database user's password for databases created prior to 24 February 2025, you receive an error if the password does not meet these requirements. If you have Terraform configurations created prior to 24 Feb 2025 that are used to manage IBM Cloud Database users, check whether updates are needed to meet the proper complexity requirements.