barman-cloud-backup-keep - Man Page

Flag backups which should be kept forever


barman-cloud-backup-keep [Options] SOURCE_URL SERVER_NAME BACKUP_ID


This script can be used to flag backups previously made with barman-cloud-backup as archival backups. Archival backups are kept forever regardless of any retention policies applied.

This script and Barman are administration tools for disaster recovery of PostgreSQL servers written in Python and maintained by EnterpriseDB.

Positional Arguments


URL of the cloud source, such as a bucket in AWS S3. For example: s3://BUCKET_NAME/path/to/folder (where BUCKET_NAME is the bucket you have created in AWS).


the name of the server as configured in Barman.


a valid Backup ID for a backup in cloud storage


-h, –help

show a help message and exit

-V, –version

show program's version number and exit

-v, –verbose

increase output verbosity (e.g., -vv is more than -v)

-q, –quiet

decrease output verbosity (e.g., -qq is less than -q)

-t, –test

test connectivity to the cloud destination and exit


Specify the recovery target for the archival backup. Possible values for RECOVERY_TARGET are:

  • full: The backup can always be used to recover to the latest point in time. To achieve this, Barman will retain all WALs needed to ensure consistency of the backup and all subsequent WALs.
  • standalone: The backup can only be used to recover the server to its state at the time the backup was taken. Barman will only retain the WALs needed to ensure consistency of the backup.
-s, –status

Report the archival status of the backup. This will either be the recovery target of full or standalone for archival backups or nokeep for backups which have not been flagged as archival.

-r, –release

Release the keep flag from this backup. This will remove its archival status and make it available for deletion, either directly or by retention policy.

–cloud-provider {aws-s3,azure-blob-storage,google-cloud-storage}

the cloud provider to which the backup should be uploaded

-P, –profile

profile name (e.g. INI section in AWS credentials file)


override the default S3 URL construction mechanism by specifying an endpoint.

–credential {azure-cli,managed-identity}

optionally specify the type of credential to use when authenticating with Azure Blob Storage. If omitted then the credential will be obtained from the environment. If no credentials can be found in the environment then the default Azure authentication flow will be used.


For Boto:

For AWS:

For Azure Blob Storage:

For Google Cloud Storage: * Credentials:

Only authentication with GOOGLE_APPLICATION_CREDENTIALS env is supported at the moment.


If using --cloud-provider=aws-s3:

If using --cloud-provider=azure-blob-storage:

If using --cloud-provider=google-cloud-storage * google-cloud-storage

Exit Status




The keep command was not successful


The connection to the cloud provider failed


There was an error in the command input

Other non-zero codes



Barman has been extensively tested, and is currently being used in several production environments. However, we cannot exclude the presence of bugs.

Any bug can be reported via the Github issue tracker.



Barman is the property of EnterpriseDB UK Limited and its code is distributed under GNU General Public License v3.

© Copyright EnterpriseDB UK Limited 2011-2022


EnterpriseDB <>.


June 27, 2022 Barman User manuals Version 3.0.1