Gws Vault Rapid
Battle-tested command for google, vault, manage, ediscovery. Includes structured workflows, validation checks, and reusable patterns for google workspace.
GWS Vault Rapid
Rapid command for Google Vault eDiscovery operations -- manage matters, legal holds, exports, and saved queries for compliance and litigation support.
When to Use This Command
Run this command when you need to perform eDiscovery operations through Google Vault for legal, compliance, or audit purposes.
- You need to create a new matter for a legal case or internal investigation
- You want to place legal holds on custodian accounts to preserve data
- You are exporting data from a matter for legal review or compliance reporting
- You need to manage matter permissions, adding or removing collaborators
Use it also when:
- You want to track long-running export operations with
operations get - You need to undelete or reopen a previously closed or deleted matter
Quick Start
# .claude/commands/gws-vault-rapid.md name: gws-vault-rapid description: Rapid Google Vault eDiscovery operations arguments: operation: The Vault operation to execute
# List all open matters claude gws-vault-rapid "matters list --params '{\"state\": \"OPEN\"}'"
Expected output:
{
"matters": [
{
"matterId": "m_abc123",
"name": "Investigation Q1-2026",
"state": "OPEN",
"description": "Internal compliance review"
}
]
}
Core Concepts
| Concept | Description |
|---|---|
| Matter | A container for an investigation, case, or compliance project |
| Hold | A legal hold preserving data for specified accounts or OUs |
| Export | A data extraction from a matter for external review |
| Saved Query | A reusable search query within a matter |
| Operation | A long-running async process (e.g., data export) |
Vault Workflow:
Create Matter āā> Define Scope āā> Place Holds
ā
Download <āā Export Data <āā Run Queries
ā
Close Matter āā> Archive
Configuration
| Parameter | Default | Description |
|---|---|---|
matterId | required | The unique matter identifier for most operations |
state | OPEN | Filter matters by state: OPEN, CLOSED, DELETED |
format | json | Output format: json, table, yaml, csv |
page-all | false | Auto-paginate through matter listings |
dry-run | false | Validate without executing |
Best Practices
-
Create descriptive matter names -- Include case numbers, dates, or investigation codes in matter names for easy identification across your organization.
-
Use count before export -- Run
matters countto estimate the volume of data before initiating a full export, helping plan storage and processing resources. -
Track export operations -- Exports are asynchronous. Use
operations getto poll the export status andoperations listto monitor all running exports. -
Manage matter permissions carefully -- Use
addPermissionsandremovePermissionsto control who can access sensitive investigation data. -
Close matters when complete -- Use
matters closeto prevent further modifications while preserving all data. Closed matters can be reopened if needed.
Common Issues
-
Cannot modify a closed matter -- Closed matters are read-only. Use
matters reopento restore the matter to an open state before making changes. -
Export operation stuck in processing -- Long-running exports may appear stuck. Use
operations getto check actual progress. Very large exports can take hours. -
Insufficient Vault license -- Google Vault requires specific licensing (Workspace Business Plus, Enterprise, or Vault add-on). Users without the proper license will see permission errors when attempting to create matters or place holds.
Data Retention and Compliance
Google Vault is a compliance tool, so understanding retention policies is critical when using this command. Legal holds override any retention rules, preserving all data for held accounts regardless of deletion or retention expiration. When creating holds, specify the scope carefully: you can hold by individual accounts, organizational units, or specific search queries. The exports sub-resource creates a point-in-time snapshot for legal review, and export files are stored temporarily in Google Cloud Storage. Download exports promptly, as they are automatically deleted after 15 days. For large-scale investigations spanning thousands of accounts, use the count method first to estimate data volume and plan your export strategy accordingly. All Vault operations are logged in the Admin Audit log for organizational compliance tracking.
Reviews
No reviews yet. Be the first to review this template!
Similar Templates
Git Commit Message Generator
Generates well-structured conventional commit messages by analyzing staged changes. Follows Conventional Commits spec with scope detection.
React Component Scaffolder
Scaffolds a complete React component with TypeScript types, Tailwind styles, Storybook stories, and unit tests. Follows project conventions automatically.
CI/CD Pipeline Generator
Generates GitHub Actions workflows for CI/CD including linting, testing, building, and deploying. Detects project stack automatically.