disable (data is kept indefinitely unless individual settings are

configured).

--workspace-agent-logs-retention duration, $CODER_WORKSPACE_AGENT_LOGS_RETENTION (default: 7d)

How long workspace agent logs are retained. Logs from non-latest

workspace builds are deleted after this period to free up storage

space. Set to 0 to disable automatic deletion of workspace agent logs.

TELEMETRY OPTIONS:

Telemetry is critical to our ability to improve Coder. We strip all personal

information before sending data to our servers. Please only disable telemetry

# an expired key. Set to 0 to disable automatic deletion of expired keys.

# (default: 7d, type: duration)

api_keys: 168h0m0s

# How long workspace agent logs are retained. Logs from non-latest workspace

# builds are deleted after this period to free up storage space. Set to 0 to

# disable automatic deletion of workspace agent logs.

# (default: 7d, type: duration)

workspace_agent_logs: 168h0m0s

)

const (

delay=10*time.Minute

maxAgentLogAge=7*24*time.Hour

delay=10*time.Minute

}

deleteOldWorkspaceAgentLogsBefore:=start.Add(-maxAgentLogAge)

iferr:=tx.DeleteOldWorkspaceAgentLogs(ctx,deleteOldWorkspaceAgentLogsBefore);err!=nil {

returnxerrors.Errorf("failed to delete old workspace agent logs: %w",err)

workspaceAgentLogsRetention:=vals.Retention.WorkspaceAgentLogs.Value()

ifworkspaceAgentLogsRetention==0 {

workspaceAgentLogsRetention=vals.Retention.Global.Value()

}

ifworkspaceAgentLogsRetention>0 {

deleteOldWorkspaceAgentLogsBefore:=start.Add(-workspaceAgentLogsRetention)

iferr:=tx.DeleteOldWorkspaceAgentLogs(ctx,deleteOldWorkspaceAgentLogsBefore);err!=nil {

returnxerrors.Errorf("failed to delete old workspace agent logs: %w",err)

}

}

iferr:=tx.DeleteOldWorkspaceAgentStats(ctx);err!=nil {

returnxerrors.Errorf("failed to delete old workspace agent stats: %w",err)

require.NotEmpty(t,agentLogs,"agent logs must be present")

}

funcTestDeleteOldWorkspaceAgentLogsRetention(t*testing.T) {

t.Parallel()

now:=time.Date(2025,1,15,7,30,0,0,time.UTC)

testCases:= []struct {

retentionConfig codersdk.RetentionConfig

logsAge time.Duration

}{

{

name:"RetentionEnabled",

retentionConfig: codersdk.RetentionConfig{

WorkspaceAgentLogs:serpent.Duration(7*24*time.Hour),// 7 days

},

logsAge:8*24*time.Hour,// 8 days ago

expectDeleted:true,

},

{

name:"RetentionDisabled",

retentionConfig: codersdk.RetentionConfig{

WorkspaceAgentLogs:serpent.Duration(0),

},

logsAge:60*24*time.Hour,// 60 days ago

expectDeleted:false,

},

{

name:"GlobalRetentionFallback",

retentionConfig: codersdk.RetentionConfig{

Global:serpent.Duration(14*24*time.Hour),// 14 days global

WorkspaceAgentLogs:serpent.Duration(0),// Not set, falls back to global

},

logsAge:15*24*time.Hour,// 15 days ago

expectDeleted:true,

},

{

name:"CustomRetention30Days",

retentionConfig: codersdk.RetentionConfig{

WorkspaceAgentLogs:serpent.Duration(30*24*time.Hour),// 30 days

},

logsAge:31*24*time.Hour,// 31 days ago

expectDeleted:true,

},

}

for_,tc:=rangetestCases {

t.Run(tc.name,func(t*testing.T) {

t.Parallel()

ctx:=testutil.Context(t,testutil.WaitShort)

clk:=quartz.NewMock(t)

clk.Set(now).MustWait(ctx)

oldTime:=now.Add(-tc.logsAge)

db,_:=dbtestutil.NewDB(t,dbtestutil.WithDumpOnFailure())

logger:=slogtest.Make(t,&slogtest.Options{IgnoreErrors:true})

org:=dbgen.Organization(t,db, database.Organization{})

user:=dbgen.User(t,db, database.User{})

_=dbgen.OrganizationMember(t,db, database.OrganizationMember{UserID:user.ID,OrganizationID:org.ID})

tv:=dbgen.TemplateVersion(t,db, database.TemplateVersion{OrganizationID:org.ID,CreatedBy:user.ID})

tmpl:=dbgen.Template(t,db, database.Template{OrganizationID:org.ID,ActiveVersionID:tv.ID,CreatedBy:user.ID})

ws:=dbgen.Workspace(t,db, database.WorkspaceTable{Name:"test-ws",OwnerID:user.ID,OrganizationID:org.ID,TemplateID:tmpl.ID})

wb1:=mustCreateWorkspaceBuild(t,db,org,tv,ws.ID,oldTime,1)

wb2:=mustCreateWorkspaceBuild(t,db,org,tv,ws.ID,oldTime,2)

agent1:=mustCreateAgent(t,db,wb1)

agent2:=mustCreateAgent(t,db,wb2)

mustCreateAgentLogs(ctx,t,db,agent1,&oldTime,"agent 1 logs")

mustCreateAgentLogs(ctx,t,db,agent2,&oldTime,"agent 2 logs")

done:=awaitDoTick(ctx,t,clk)

closer:=dbpurge.New(ctx,logger,db,&codersdk.DeploymentValues{

Retention:tc.retentionConfig,

},clk)

defercloser.Close()

testutil.TryReceive(ctx,t,done)

iftc.expectDeleted {

assertNoWorkspaceAgentLogs(ctx,t,db,agent1.ID)

}else {

assertWorkspaceAgentLogs(ctx,t,db,agent1.ID,"agent 1 logs")

}

assertWorkspaceAgentLogs(ctx,t,db,agent2.ID,"agent 2 logs")

})

}

}

funcTestDeleteOldProvisionerDaemons(t*testing.T) {

APIKeys serpent.Duration`json:"api_keys" typescript:",notnull"`

WorkspaceAgentLogs serpent.Duration`json:"workspace_agent_logs" typescript:",notnull"`

}

typeNotificationsConfigstruct {

YAML:"api_keys",

Annotations: serpent.Annotations{}.Mark(annotationFormatDuration,"true"),

},

{

Name:"Workspace Agent Logs Retention",

Description:"How long workspace agent logs are retained. Logs from non-latest workspace builds are deleted after this period to free up storage space. Set to 0 to disable automatic deletion of workspace agent logs.",

Flag:"workspace-agent-logs-retention",

Env:"CODER_WORKSPACE_AGENT_LOGS_RETENTION",

Value:&c.Retention.WorkspaceAgentLogs,

Default:"7d",

Group:&deploymentGroupRetention,

YAML:"workspace_agent_logs",

Annotations: serpent.Annotations{}.Mark(annotationFormatDuration,"true"),

},

{

Name:"Enable Authorization Recordings",

Description:"All api requests will have a header including all authorization calls made during the request. "+

Coder supports configurable retention policies that automatically purge old

Audit Logs, Connection Logs, and API keys. These policies help manage database

growth by removing records older than a specified duration.

Audit Logs, Connection Logs,Workspace Agent Logs,and API keys. These policies

help manage databasegrowth by removing records older than a specified duration.

| Setting| CLI Flag| Environment Variable| Default| Description|

|-----------------|-------------------------------|-----------------------------------|------------------|--------------------------------------------------------------------------|

| Global|`--global-retention`|`CODER_GLOBAL_RETENTION`|`0` (disabled)| Default retention for all data types. Individual settings override this.|

| Audit Logs|`--audit-logs-retention`|`CODER_AUDIT_LOGS_RETENTION`|`0` (use global)| How long to retain Audit Log entries.|

| Connection Logs|`--connection-logs-retention`|`CODER_CONNECTION_LOGS_RETENTION`|`0` (use global)| How long to retain Connection Log entries.|

| API Keys|`--api-keys-retention`|`CODER_API_KEYS_RETENTION`|`7d`| How long to retain expired API keys.|

| Setting| CLI Flag| Environment Variable| Default| Description|

|----------------------|------------------------------------|----------------------------------------|------------------|--------------------------------------------------------------------------|

| Global|`--global-retention`|`CODER_GLOBAL_RETENTION`|`0` (disabled)| Default retention for all data types. Individual settings override this.|

| Audit Logs|`--audit-logs-retention`|`CODER_AUDIT_LOGS_RETENTION`|`0` (use global)| How long to retain Audit Log entries.|

| Connection Logs|`--connection-logs-retention`|`CODER_CONNECTION_LOGS_RETENTION`|`0` (use global)| How long to retain Connection Log entries.|

| API Keys|`--api-keys-retention`|`CODER_API_KEYS_RETENTION`|`7d`| How long to retain expired API keys.|

| Workspace Agent Logs|`--workspace-agent-logs-retention`|`CODER_WORKSPACE_AGENT_LOGS_RETENTION`|`7d`| How long to retain workspace agent logs.|

audit_logs:365d

connection_logs:0s

api_keys:7d

workspace_agent_logs:7d