Problem
OrbStack v1.5.1 added a deletion confirmation popup (closes #421), which helps with accidental clicks. However, a single confirmation click is still too easy to dismiss — especially for production or long-running VMs that should never be deleted accidentally.
There is currently no way to mark a machine or container as "protected" so that the system enforces a hard barrier before allowing deletion.
Proposed Solution
Add a deletion protection mode per machine/container with two requirements when protection is enabled:
- Password or biometric authentication (Touch ID / macOS local password) must be provided before deletion proceeds.
- Protection must be explicitly disabled before the delete action becomes available — or the password prompt appears inline in the delete flow.
UI/UX
- In the machine/container context menu, show a "Protected" toggle (lock icon).
- When protection is ON:
- The Delete menu item is grayed out or shows a lock icon.
- Clicking Delete shows a dialog: "This machine is protected. Enter your password to confirm deletion."
- Entering the correct password completes the deletion.
- Protection state is visible in the machine list (🔒 icon next to protected machines).
CLI
# Protect a machine (prevents deletion until unlocked)
orbctl protect vm-prod
# Remove protection (then deletion becomes possible normally)
orbctl unprotect vm-prod
# List shows protection state
orbctl list
# NAME STATE PROTECTED DISTRO
# vm-dev running no debian bookworm
# vm-prod running YES 🔒 debian bookworm
Configuration
Stored in ~/.orbstack/config/machines/<name>/config.json as:
Why This Is Different from the Existing Confirmation Popup
| Feature |
Confirmation popup (#421) |
Protection lock (this issue) |
| Trigger |
Every deletion |
Only protected machines |
| Barrier |
Single click |
Password / biometrics |
| Opt-in |
No (all machines) |
Yes (per machine) |
| Visible in UI |
No |
Yes (lock icon) |
| CLI protection |
No |
Yes (orbctl protect) |
Prior Art
Similar protection mechanisms exist in:
- Proxmox VE: "Protection" flag on VMs — blocks deletion until explicitly removed
- VMware vSphere: VM "Deletion prevention" setting
- AWS EC2: Termination protection on instances
- DigitalOcean: Droplet destroy protection
Workaround (Current)
Until this feature is available, I wrote a shell script that uses macOS chflags uchg on the machine config directory as a partial workaround. It's imperfect because it only protects the config layer, not the underlying disk image. A native OrbStack feature would be far more reliable and user-friendly.
Use Case
I have a vm-test machine with specific data and mounted volumes that took time to configure. I keep the OrbStack GUI open all day and want to prevent accidentally deleting it while managing other containers. A password-protected lock would give me confidence that the machine is safe even when I'm working quickly.
cc @kdrag0n — happy to discuss implementation details or contribute if helpful.
Problem
OrbStack v1.5.1 added a deletion confirmation popup (closes #421), which helps with accidental clicks. However, a single confirmation click is still too easy to dismiss — especially for production or long-running VMs that should never be deleted accidentally.
There is currently no way to mark a machine or container as "protected" so that the system enforces a hard barrier before allowing deletion.
Proposed Solution
Add a deletion protection mode per machine/container with two requirements when protection is enabled:
UI/UX
CLI
Configuration
Stored in
~/.orbstack/config/machines/<name>/config.jsonas:{ "protected": true }Why This Is Different from the Existing Confirmation Popup
orbctl protect)Prior Art
Similar protection mechanisms exist in:
Workaround (Current)
Until this feature is available, I wrote a shell script that uses macOS
chflags uchgon the machine config directory as a partial workaround. It's imperfect because it only protects the config layer, not the underlying disk image. A native OrbStack feature would be far more reliable and user-friendly.Use Case
I have a
vm-testmachine with specific data and mounted volumes that took time to configure. I keep the OrbStack GUI open all day and want to prevent accidentally deleting it while managing other containers. A password-protected lock would give me confidence that the machine is safe even when I'm working quickly.cc @kdrag0n — happy to discuss implementation details or contribute if helpful.