This page is updated as we add features, enhancements, and fixes to Google Vault. Features are typically available to customers within several days of launch, but rollouts can take longer.
March 1, 2023: Support for Client-side encrypted emails
- Vault retains and holds client-side encrypted emails the same as other messages.
- You can preview the unencrypted email metadata, such as subject, sender, and receiver.
- An email's encrypted content will appear as an smime.p7m or smime.p7s attachment in the search preview. To decrypt an export in the mbox format, you can use the decrypter utility (beta). To view client-side encrypted emails in the PST format, import each users’ p7m file into Microsoft Outlook. To learn more about, go to Review messages exported with Vault.
December 5, 2022: Updated UI for future Client-side encryption functionality
September 2, 2022: All Chat searches and holds now use message-based indexing
Search and exports
Vault will search messages in threaded rooms (rooms with conversations) the same way it searches direct messages, group messages, and unthreaded rooms:
Vault search matches and returns individual messages. Previously, Vault search returned matching topics. A topic corresponds to all messages in a thread in a threaded room, or all messages sent in one 24-hour day period (defined by UTC time).
Vault changes the scope of search in threaded rooms:
Vault now searches messages from all threads in a threaded room, as long as the specified account is a member of the threaded room, even if the account didn’t participate (for example, sent some messages) in that thread. Previously, only threads that the account participated in were searched.
If the specified account was a member, but has already left the room, Vault only searches messages sent before the account left the room. Previously, if the account had participated in a thread, all messages in the thread were searched, even those sent after the account left.
When a message matches your search conditions, context is provided for preview and export. The context includes the message and any messages sent 12 hours before and 12 hours after in the same conversation (DM, space, or thread of a threaded room).
If many messages in the same conversation (DM, space, or thread of a threaded room) match your search, there can be overlap in the messages provided for context. When you export, Vault evaluates the overlap and omits duplicate messages from the export.
As a result of these changes, if you run a saved Chat search query over the same timeframe as a previous export, the exported messages might not be the same set as before.
For example, you have a room that contains the following exchange:
Participant 1: hi Participant 2: hello
If you use search terms*, then search, preview, and export process the messages as follows:
|Search term||Chat space search, preview, and export behavior|
Search: Only the message from Participant 1 is returned because only that message matches the search term.
Preview and export: Includes Participant 1's message and all messages in the space or thread (for threaded rooms) that were sent 12 hours before and 12 hours after.
Search: Only the message from Participant 2 is returned because only that message matches the search term.
Preview and export: Includes Participant 2's message and all messages in the space or thread (for threaded rooms) that were sent 12 hours before and 12 hours after.
No messages are returned or exported because no individual message contains both search terms.
Search: Only the message from Participant 1 is returned because only that message matches both search terms.
Preview and export: Includes Participant 1's message and all messages in the space or thread (for threaded rooms) that were sent 12 hours before and 12 hours after.
||No messages are returned or exported because no individual message matches both search terms.|
||No messages from the sample conversation are returned or exported because no individual message matches both search terms.|
Search: Only the message from Participant 2 is returned because only that message matches the search term.
Preview and export: Includes Participant 2's message plus all messages in the space that were sent 12 hours before and 12 hours after.
*Note: Chat search doesn't support Boolean operators, such as
NOT. However, a list of search terms is treated as if
AND was between each term. If a keyword is preceded by
-, then that word is treated as if it's preceded by
NOT. Learn more
You can restrict your search to held data, which is messages associated with a user account that's on hold.
For threaded spaces, Vault now holds and searches all messages in the space if the user on hold, who matches your search parameters, is or was a member. Previously, Vault only held and searched threads in the space where the user on hold sent at least one message in the thread.
In addition, if all users on hold leave a Chat space, a search for held messages returns only messages that were sent before the last user on hold left the space. Particularly for threaded spaces, messages sent after a user left the space are no longer held, even if the user has participated in the conversation.
You can include messages in Chat spaces, which include group conversations created after early December 2020 and spaces. The type of space determines what messages are returned. Learn more
Implementation of the new behavior
The release will take several weeks to roll out to all users. During the transition, to ensure you understand how your messages were searched during the transition:
- If you get the notification at the top of your search results, “Search query applied to individual messages", then your search was message-based.
- If you don't get a notification, then search used the classic search behavior. For threaded rooms, the search query was applied across each conversation.
With the launch of Google Workspace Client-side encryption for Drive, Vault supports retention, search, and export of Google client-side encrypted files.
Retention & holds
Vault retains and holds client-side encrypted files in Drive the same as other files in Drive.
Search & preview
You can search for client-side encrypted files by their metadata, such as title and owner. However, you can’t search their content, search by file format, preview the content, or download from the preview view.
When you search Drive in Vault, you can choose to only search client-side encrypted files or exclude client-side encrypted files. This option is only available if Google Workspace Client-side encryption is turned on for your organization.
For details, see Use Vault to search Google Drive, Meet, and Sites.
When you export client-side encrypted files, the files remain encrypted and the filenames end with
.gcse. To decrypt the files, use Google client-side decrypter. You can also identify client-side encrypted files by their metadata. These files have
ClientSideEncrypted set to
You can now export Gmail messages using a new, faster system in Vault. Vault shows a progress bar as the export is created. Exports that take longer than 24 hours no longer require a manual restart.
In the new system, some export files have different names and formats from the classic system. Organizations that use a script to process Vault export files for Gmail might need to update their scripts to correctly process the new filenames and types. For details, see the summary of changes below.
To use the new export system, you choose the option when you create the export. API users can set
use_new_export=true in MailExportOptions.
For now, exports use the classic system unless you choose to use the improved one when you start the export. The new system will replace the classic system in a few months. During the transition when both options are available, Vault will indicate which Gmail exports were created with the new system.
Note: Only export files for Gmail are changing. Export files for other services are staying the same.
Summary of changes
|Information||File name||What's new|
The file contains mbox or PST files, rather than zipped message files.
The message files are named export_name-account.mbox or export_name-account.pst, where account is the full email address of the custodian (the account that sent or received the message).
In some cases, more than one file is generated for an account and the file name includes an increment. For example, an export could contain the following files:
Classic: export_name-metadata.xmlNew: export_name-metadata.csv
In CSV format. It contains the same information as the classic file plus new columns:
|Accounts and message count||
More information is reported:
The accounts are now sorted in descending order of successfully exported messages.
Classic: error.csv, and export_name-account-exceptions.csvNew: export_name-error.xml
The new error report is one file in XML format. It's always part of the export, even when no errors occurred.
It contains the same information as the classic files plus the following:
|Messages that didn’t convert to PST||export_name-conversion-errors-N.zip||
New file that’s returned for exports in PST format when some messages aren’t converted to PST. The file contains the messages that weren’t converted in EML format.
If more than one file is returned, the file names have an increment. For example:
|File checksums||export_name.md5||No changes|
With the launch of approvals for files in Drive, Vault now includes approvals metadata in Drive exports. The metadata includes a list of approvers, the approval status, and the date of the last change in approval status. If you enter a version date as part of your search, the approval metadata reflects the current state, not the state at the time of the version date.
Gmail exports will now include 2 metadata files, the classic XML file and a new CSV file. The new CSV format expands our support for third-party content review tools and includes more metadata for Gmail messages.
The CSV has 2 new fields:
GmailMessageId—A unique identifier for each message that can be used in the Gmail API.
Account—The account that was within the scope of the search (sender or receiver)
Rfc822MessageId value provides an identifier to associate metadata with a message in the export, similar to
External FileName in the classic XML file.
The way that the Drive search operators
from: match files in Google Vault has changed. They won't match files shared before March 2021. Their new behavior makes these operators more intuitive for Drive searches. It also lets you determine not only who has access to a file, but who gave those users access.
As of February 2021, a new search operator,
sharedwith:, is available and offers similar matching as the
to: operator did before the change. An existing search operator,
owner:, offers the same matching as the
from: operator did before the change.
You can now retain, hold, search and export sites created in new Google Sites.
By default, sites are covered by Drive retention rules. You can also set Sites-specific retention rules.
To hold, search, and export sites, use Drive holds and search. You can filter search results to only sites with the new term
type:site. You can also search for sites by published URL.
Chat is introducing 2 changes to groups messages:
New group chats created in Chat are handled like unthreaded rooms and users can change the membership of those group chats. Existing group chats are still handled as group messages.
Vault handles these new group chats differently from existing group messages, affecting the scope of retention, holds, and search. Because they’re more like rooms, Vault now uses “Chat spaces” to refer to threaded rooms, unthreaded rooms, and new group chats.
We’ve launched a new, modern, Material Design-based version of Vault. It’s easier to navigate, with new productivity features for faster task completion.
No migration is required to use the new site. It uses the same backend system as the classic site (ediscovery.google.com). You’ll find the same matters, retention rules, and holds in both sites until ediscovery.google.com is disabled.
To use the new website, go to vault.google.com and sign in with your managed Google Account.
- When you first sign in, instead of opening the Matters page, you open a home page with 3 options: Retention, Matters, and Reporting.
- When you set up retention rules and holds, you follow step-by-step flows with more tooltips to guide you through the process.
- Custom retention rules, holds, and search results are listed in a sortable, filterable tables. You can more easily understand the scope of your information governance policies and search results.
- When you explore search results and hold reports, you keep your context. Clicking an item now opens a side panel instead of taking you to a new page.
What hasn’t changed:
- Your existing settings, saved queries, or export files. Your data and settings are available in both sites.
- Vault functionality. Everything you could do in classic Vault is available in new Vault.
In the Vault Help Center, you’ll find instructions for both versions until classic Vault is shut down.
With the release of unthreaded rooms in Chat, you can retain, hold, search, and export messages in these new rooms. Vault handles these messages differently from messages in threaded rooms (rooms where messages are grouped into conversations).
Vault now supports Google Voice for G Suite. You can retain, hold, search, and export text messages, voicemails and their transcripts, and call logs. Note: Google Voice for G Suite doesn’t support recording calls and Vault has no access to voice calls.
The Vault API now includes a Count API for Gmail and Groups. Use the Count API to get the number of messages that match a search query. You can use the number of messages to estimate the size of the export, and then choose to proceed with the export or adjust the query to retrieve fewer items.
For more information, see the Count API documentation and review an example.
With the release of Q&A and polls in Google Meet, Vault supports retention, holds, and search of Q&A and polls logs associated with Meet recordings.
When you export your organization’s data with the Data Export tool, data that’s deleted but retained or held by Vault is now included in the organization-wide export. You no longer need to use Vault to do additional exports that include the deleted but retained data.
Chat export files now use the same format as Vault preview to report the edited or deleted status of a message:
|Message status||Format before||New format|
|Deleted by user or Vault retention rule||
Your G Suite admin can now allow users in your organization to chat with external users (Learn more). Vault can retain, hold, search, and export Chat messages from external users as follows:
- You can retain, hold, search, and export direct messages (DMs) between external users and users in your organization when archiving is turned on.
- You can search and export messages sent by external users in rooms created by someone in your organization.
- You can't retain, hold, search, or export messages sent by users in your organization in rooms owned by another organization.
Gmail confidential mode
Gmail confidential mode lets users restrict recipients' access to sensitive email content. This feature is available to organizations that turn on the feature and personal Gmail accounts.
When a user sends a confidential message, Gmail replaces the message body and attachments with a link. Only the subject and link are sent using SMTP.
Confidential mode messages sent by users in your domain
If your organization enables Gmail confidential mode, Vault can hold, retain, search, and export confidential mode messages sent by users in your organization after November 30, 2018.
Messages are available to Vault even when the sender sets an expiration date or revokes recipients' access to confidential mode messages.
Confidential mode messages received from outside your domain
Even if your organization doesn't enable Gmail confidential mode, your users might receive confidential mode messages from users in other organizations or personal Gmail accounts.
You can hold, retain, search, and export message headers and subjects of external confidential messages. However, you can't search or export message content or attachments from external confidential messages.
Working with confidential mode messages
Vault supports confidential mode messages as follows:
- Vault returns internal confidential messages that match your search query.
- When you preview messages, the message content is hidden by default. You have the option to show the content in preview.
- When you print or export messages, you can exclude confidential message content. When you choose this option, the headers, sender, recipient, and other metadata are printed or exported, but the confidential message content isn't.
- To search for, retain, or hold confidential messages exclusively, use the term
Vault now fully supports Jamboard files that users have saved to their Drives:
- Holds and retention rules now cover jams that users have saved to Drive. Unsaved jams are discarded when the Jamboard session ends and are unavailable to Vault.
- You can search, preview, and export jams. Use
type:jamto search specifically for Jamboard files.
When you export Google Docs, Sheets, and Slides, Vault now generates a unique hash value for each file. You can use this new hash value to deduplicate file exports and to verify that the exported file is an exact copy of the custodian's source file.
How you search for a file controls how Vault generates the hash value:
- If your search includes a version date, it's used to generate the hash value.
- The last modified date is used when the search doesn't include a version date.
When comparing hash values among exports, keep the following in mind:
- If a file's content changes, its hash value also changes.
- If someone changes sharing permissions on a file but not the content, the hash value doesn't change.
- If you export a file multiple times and use different version dates, the hash values differ even if the file content is identical among the exports.
The source hash is one of the parameters included in the Vault XML file when you export from Drive. Learn more about Drive export metadata.
We've added more granular controls to retention rules:
- You can set custom Drive retention rules that expunge files a specified number of days after users move them to trash.
We've also added new features to make it easier and more efficient to search for data in Vault:
- Quickly perform multiple searches in a matter—after you start a search in Gmail or Groups, you can click the Search in new tab button to open a new search dialog in the same matter. Your initial search will complete in the first tab.
- Search status—while a search is in progress, Vault reports the time elapsed and the query parameters you entered.
- Improved count functionality—when you enter a query and click the Count button, Vault reports the number of matches and time elapsed. You can also download a CSV file that lists the accounts with messages that match your query.
You can now export Gmail, chat, and Groups messages as PST files. This feature makes it possible for you to review messages in Microsoft Outlook, as well as third-party litigation support tools that support this format.
Get more detailed metadata when exporting files from Drive
When you export files from Drive, the metadata includes information about users who have an indirect relationship to a document. Additionally, Vault gives you the option to determine what that relationship is.
Learn more about users with indirect access to files and your options when exporting from Drive.
Select a time zone during search and export operations
Previously Vault used Greenwich Mean Time (GMT) for all searches and added extra day to include results from earlier time zones. Vault now supports time zone selection for search and export operations. You can specify a time zone when searching for data, and then Vault determines the boundaries of dates for displaying and exporting results.
The new time zone setting affects only search and export operations.
Important: Organizations that span multiple time zones may see different search results compared to those delivered before this feature was released. Learn more about searching for data based on time zones.
Create custom retention rules for all shared drives in your domain
You can now create custom retention rules that cover all shared drives in your domain.
Set retention rules for specific Google Groups
You can now apply custom retention rules to specific Google Groups.
Full support for Google Drive, including shared drives
You can now set retention rules and place legal holds on files in Google Drive, making it a fully supported app in Vault.
You can now also search, export, set retention rules, and place legal holds on files stored in shared drives.
Note: Drive retention and holds work a bit differently than what you've grown accustomed to with Gmail retention and holds. We recommend you review these articles as you consider the hold and retention policies that work best for your organization:
Export point-in-time Google Drive files
Vault only searches the latest version of a file. However, you can now add a version date to your search to view and export Google files as they existed on that date. Versioning is supported in most Google file types:
Versioning isn't supported in Google Forms, Apps Script, or any non-Google file type.
Use Vault for Google Groups
Vault now works with Groups, meaning you can search, export, and set retention policies, and place legal holds on content in Groups.
- Download partial results—The messages and files that Vault retrieved up to that point are available for download. Also included is a CSV file that lists accounts that have not yet been exported.
- Continue an export—Vault resumes where it left off, retrieving additional messages and files for another 24 hours. You can continue an export as many times as necessary to retrieve all messages and files that match your search query.
If you do not download partial results or resume a paused export before 15 days have elapsed, the export is deleted.
- Assign hold privileges based on organizational units—Vault administrators can be limited to creating and managing holds for users within specific organizational units rather than an entire domain.
- Holds based on organizational units—Previously, you could create holds for specific user accounts or an entire domain. Now you can create holds that apply to all members of a specific organizational unit.
- More intuitive hold functionality—Previously, if you removed all accounts from a hold, Vault would apply the hold to all accounts in the domain. Now, you’re prompted to delete a hold if you try to remove all accounts.
- Enhanced user interface—The language and interface for applying holds is improved and is similar to the recently updated retention flow.
- Retention rule applies to deleted messages only—If you select this option, the rule only affects messages that have been deleted by users. This is the default option for new rules and is equivalent to adding label:^deleted to a custom retention rule.
- Retention rule applies to deleted messages and messages in user mailboxes—If you select this option, the rule applies to all messages except those that meet any custom rules or holds you specify. If you open an existing custom retention rule that uses label:^deleted, it has this option selected. However, your custom rule continues to work according to your original configuration, overrides the option, and only deleted messages are affected.
Remember: Vault is fully integrated with Gmail, and there is no separate archive. Choosing the second option above means that you want the rule to apply to all messages, whether users have marked the messages for deletion or not. This option can potentially delete messages that your users expect to keep. For example, if you set a default retention rule to retain messages for 365 days and select the second option (to apply to all messages), and you have no custom rules or holds, Vault deletes every message in your domain that is older than 1 year.
Setting up the retention policies that your organization needs can be complicated, so we've put together this article to help you. Contact G Suite Support if you need any additional help.
Vault previews and exports now include several additional pieces of information to help you analyze messages:
- Message previews—You can now view system labels, which show the status of each message from the message owner's perspective. You can also see any labels applied to the message by the user.
- Message exports—You can now view any labels applied to the message by the user.
A G Suite admin can now restrict access to matters based on organizational units. If this is enabled, a Vault user can share matters only with members of the specified organizational units and their sub-units. Learn more about Vault privileges and how to assign them.
Vault no longer restricts how many accounts you can search for messages. Please note that you may experience delays when searching and counting over domains with more than 50,000 accounts.
Vault now reports additional information when messages in Gmail or files in Drive are unavailable for export. Learn more about error reports.
Vault for Drive
Vault's robust functionality now includes another data source—Drive—so that your organization can find even more business-critical content. Vault for Drive comes at no additional cost for Vault customers and works with existing Drive content in your users' accounts. Postini customers transitioning to Vault will also be able to use Vault for Drive at no additional cost once the transition is complete.
With Vault for Drive, here’s what you can do with all of your Drive content, including both Google documents (such as Docs, Sheets, Slides) and other stored files (like DOCX, PDF, and JPEG):
- Search for specific users’ Drive files.
- Preview search results in Vault to make sure you find just what you need.
- Create copies of search results and export them for future use.
Setting retention policies, creating holds, and conducting domain-wide searches for Drive content are not available at this time. Get started searching for files in Google Drive.
G Suite Business
G Suite Business is the enhanced office suite. In addition to everything available in G Suite Basic, it includes unlimited Google Drive storage and Google Vault for everyone in your organization, plus additional Drive administration, audit, and reporting features. Learn more about G Suite Business.
You can more easily exclude draft messages from searches, and when creating retention rules and holds.
The Manage Exports and Manage Searches privileges can now be granted to a user for an entire organization, or only for specific organizational units (OUs). For example, you can assign a Vault administrator the Manage Searches privilege for your whole organization and the Manage Exports privilege for one OU. Privileges are still assigned in the Admin console by your G Suite administrator.
The options for setting or modifying retention periods are now more clear, and we’ve added safeguards when setting a retention period for a specified number of days.
Vault users can now search for data within a specific organizational unit (OU), in addition to searching the entire domain or searching by user account. Searching within an OU reduces the number of irrelevant search results that a domain-wide search can produce, and eliminates the need to specify individual accounts. When performing a search within a matter, select Organization then select the OU you want to search. Accounts cannot be included in an OU-based search, but you can still optionally specify a date range and search terms.
Admins can now hold specific messages—for example, from a certain date or with certain terms—for indefinite preservation in Vault. Only messages that meet the specified parameters are preserved. Previously, Vault admins had to put an entire user account on hold to preserve messages in that account. Holding an entire account is still possible. Learn more about the two types of holds.
The preview function allows Vault admins to examine the content that a custom retention rule will retain once it is set. Admins no longer have to enter a username. When admins click the Preview button, Vault displays results based on what the admin selected—a specific OU or the whole domain. Previously, admins had to enter a username to preview the results of a custom rule. Learn more about retention rules.