This guide documents the new AWS Wickr administration console, released on March 13, 2025. For documentation on the classic version of the AWS Wickr administration console, see [Classic Administration Guide](https://docs.aws.amazon.com/wickr/latest/adminguide-classic/what-is-wickr.html).

# Start the data retention bot for your Wickr network
<a name="starting-data-retention-bot"></a>

Before you run the data retention bot, you should determine how you want to configure it. If you plan to run the bot on a host that:
+ Will not have access to AWS services, then your options are limited. In that case you will use the default message streaming options. You should decide whether you want to limit the size of the captured message files to a specific size or time interval. For more information, see [Environment variables to configure data retention bot in AWS Wickr](data-retention-bot-env-variables.md).
+ Will have access to AWS services, then you should create a Secrets Manager secret to store the bot credentials, and AWS service configuration details. After the AWS services are configured, you can proceed to start the data retention bot Docker image. For more information about the details you can store in a Secrets Manager secret, see [Secrets Manager values for AWS Wickr](data-retention-aws-secret-values.md)

The following sections show example commands to run the data retention bot Docker image. In each of the example commands, replace the following example values with your own:
+ `compliance_1234567890_bot` with the name of your data retention bot.
+ `password` with the password for your data retention bot.
+ `wickr/data/retention/bot` with the name of your Secrets Manager secret to use with your data retention bot.
+ `bucket-name` with the name of the Amazon S3 bucket where messages and files will be stored.
+ `folder-name` with the folder name in the Amazon S3 bucket where messages and files will be stored.
+ `us-east-1` with the AWS Region of the resource you're specifying. For example, the Region of the AWS KMS master key or the Region of the Amazon S3 bucket.
+ `arn:aws:kms:us-east-1:111122223333:key/12345678-1234-abcde-a617-abababababab` with the Amazon Resource Name (ARN) of your AWS KMS master key to use to re-encrypt message files and files.

# Start the bot with password environment variable (no AWS service)
<a name="data-retention-basic-startup"></a>

The following Docker command starts the data retention bot. The password is specified using the `WICKRIO_BOT_PASSWORD` environment variable. The bot starts using the default file streaming, and using the default values defined in the [Environment variables to configure data retention bot in AWS Wickr](data-retention-bot-env-variables.md) section of this guide.

```
docker run -v /opt/compliance_1234567890_bot:/tmp/compliance_1234567890_bot \
-d --restart on-failure:5 --name="compliance_1234567890_bot" -ti \
-e WICKRIO_BOT_NAME='compliance_1234567890_bot' \
-e WICKRIO_BOT_PASSWORD='password' \
wickr/bot-compliance-cloud:latest
```

# Start the bot with password prompt (no AWS service)
<a name="data-retention-startup-password"></a>

The following Docker command starts the data retention bot. Password is entered when prompted by the data retention bot. It will start using the default file streaming using the default values defined in the [Environment variables to configure data retention bot in AWS Wickr](data-retention-bot-env-variables.md) section of this guide.

```
docker run -v /opt/compliance_1234567890_bot:/tmp/compliance_1234567890_bot \
-d --restart on-failure:5 --name="compliance_1234567890_bot" -ti \
-e WICKRIO_BOT_NAME='compliance_1234567890_bot' \
wickr/bot-compliance-cloud:latest

docker attach compliance_1234567890_bot
.
.
.
Enter the password:************
Re-enter the password:************
```

Run the bot using the `-ti` option to receive the password prompt. You should also run the `docker attach <container ID or container name>` command immediately after starting the docker image so that you get the password prompt. You should run both of these commands in a script. If you attach to the docker image and don’t see the prompt, press **Enter** and you will see the prompt.

# Start the bot with 15 minute message file rotation (no AWS service)
<a name="data-retention-startup-rotation"></a>

The following Docker command starts the data retention bot using environment variables. It also configures it to rotate the received messages files to 15 minutes.

```
docker run -v /opt/compliance_1234567890_bot:/tmp/compliance_1234567890_bot --network=host \
-d --restart on-failure:5 --name="compliance_1234567890_bot" -ti \
-e WICKRIO_BOT_NAME='compliance_1234567890_bot' \
-e WICKRIO_BOT_PASSWORD='password' \
-e WICKRIO_COMP_TIMEROTATE=15 \
wickr/bot-compliance-cloud:latest
```

# Start the bot and specify the initial password with Secrets Manager
<a name="data-retention-startup-asm"></a>

You can use the Secrets Manager to identify the data retention bot’s password. When you start the data retention bot, you will need to set an environment variable that specifies the Secrets Manager where this information is stored.

```
docker run -v /opt/compliance_1234567890_bot:/tmp/compliance_1234567890_bot --network=host \
-d --restart on-failure:5 --name="compliance_1234567890_bot" -ti \
-e WICKRIO_BOT_NAME='compliance_1234567890_bot' \
-e AWS_SECRET_NAME='wickrpro/alpha/new-3-bot' \
wickr/bot-compliance-cloud:latest
```

The `wickrpro/compliance/compliance_1234567890_bot` secret has the following secret value in it, shown as plaintext.

```
{
    "password":"password"
}
```

# Start the bot and configure Amazon S3 with Secrets Manager
<a name="data-retention-startup-asm-s3"></a>

You can use the Secrets Manager to host the credentials, and the Amazon S3 bucket information. When you start the data retention bot, you will need to set an environment variable that specifies the Secrets Manager where this information is stored.

```
docker run -v /opt/compliance_1234567890_bot:/tmp/compliance_1234567890_bot --network=host \
-d --restart on-failure:5 --name="compliance_1234567890_bot" -ti \
 -e WICKRIO_BOT_NAME='compliance_1234567890_bot' \
 -e AWS_SECRET_NAME='wickrpro/alpha/compliance_1234567890_bot' \
wickr/bot-compliance-cloud:latest
```

The `wickrpro/compliance/compliance_1234567890_bot` secret has the following secret value in it, shown as plaintext.

```
{
    "password":"password",
    "s3_bucket_name":"bucket-name",
    "s3_region":"us-east-1",
    "s3_folder_name":"folder-name"
}
```

Messages and files received by the bot will be put in the `bot-compliance` bucket in the folder named `network1234567890`.

# Start the bot and configure Amazon S3 and AWS KMS with Secrets Manager
<a name="data-retention-startup-asm-s3-KMS"></a>

You can use the Secrets Manager to host the credentials, the Amazon S3 bucket, and AWS KMS master key information. When you start the data retention bot, you will need to set an environment variable that specifies the Secrets Manager where this information is stored.

```
docker run -v /opt/compliance_1234567890_bot:/tmp/compliance_1234567890_bot --network=host \
-d --restart on-failure:5 --name="compliance_1234567890_bot" -ti \
 -e WICKRIO_BOT_NAME='compliance_1234567890_bot' \
 -e AWS_SECRET_NAME='wickrpro/alpha/compliance_1234567890_bot' \
wickr/bot-compliance-cloud:latest
```

The `wickrpro/compliance/compliance_1234567890_bot` secret has the following secret value in it, shown as plaintext.

```
{
    "password":"password",
    "s3_bucket_name":"bucket-name",
    "s3_region":"us-east-1",
    "s3_folder_name":"folder-name",
    "kms_master_key_arn":"arn:aws:kms:us-east-1:111122223333:key/12345678-1234-abcde-a617-abababababab",
    "kms_region":"us-east-1"
}
```

Messages and files received by the bot will be encrypted using the KMS key identified by the ARN value, then put in the “bot-compliance'” bucket in the folder named “network1234567890”. Make sure you have the appropriate IAM policy setup.

# Start the bot and configure Amazon S3 using environment variables
<a name="using-env-variables"></a>

If you don't want to use Secrets Manager to host the data retention bot credentials, you can start the data retention bot Docker image with the following environment variables. You must identify the name of the data retention bot using the `WICKRIO_BOT_NAME` environment variable.

```
docker run -v /opt/compliance_1234567890_bot:/tmp/compliance_1234567890_bot --network=host \
-d --restart on-failure:5 --name="compliance_1234567890_bot" -ti \
-e WICKRIO_BOT_NAME='compliance_1234567890_bot' \
-e WICKRIO_BOT_PASSWORD='password' \
-e WICKRIO_S3_BUCKET_NAME='bot-compliance' \
-e WICKRIO_S3_FOLDER_NAME='network1234567890' \
-e WICKRIO_S3_REGION='us-east-1' \
wickr/bot-compliance-cloud:latest
```

You can use environment values to identify the data retention bot’s credentials, information about Amazon S3 buckets, and configuration information for the default file streaming.