Reputation: 14698
Event Sourcing - How to delete data in an eventstore?
How to work around the issue of deleting data in an eventstore?
I need to permanently and completely delete some data in order to comply to privacy laws.
I have found these alternatives:
Encrypt the data that you need deleted, and store the encryption key in its own table. When the data needs to be deleted, you then only delete the encryption key.
Use event sourcing on the data that does not need deletion, with reference to a CRUD database for the confidential data that need to be deleted.
Are there any other ways of doing it?
Upvotes: 19
Views: 9209
Answers (3)
Reputation: 19640
EventStoreDB from Event Store allows you to scavenge events with expired TTL. Usually, these are temporary events like stats, or something you have i.e. must be removed after a period of time.
In order not to break your model, one would typically use snapshotting to fix the entity state at some time and then previous events can be deleted without breaking the system.
Upvotes: 3
Reputation: 4548
I did that a month ago. Tried to make it as simple as possible. I just replayed the entire event store, modify event data and finally store the event in a new event store. In other words migration. When everything finished OK I deleted/backup the old store. After that I replayed the new event store against the projections because of the changes.
If you do not have the encryption implemented you have to add it somehow. Like replaying the entire event store.
PS: Just want to mention for other readers that the reasons to change the event store are really limited. Do not do use it except when comply to privacy laws or really nasty bug. If you need to delete user's data you could do one of the two things:
- Encrypt all user's data and when you have to delete it you just get rid of the private key.
- Place all user's data in a separate store/database and when needed you could just delete it without affecting other parts of the system.
Upvotes: 6
Reputation: 22064
First, change your event handlers to not require the data so that things don't break when you remove it.
Then create a small app to read all your events, and write new events to a new event store without the data you needed deleted.
Test that your system still functions using the new event store; can rehydrate all aggregates, and generate all projections/views/readmodels/whateveryoucallthem.
Delete the old event store.
Upvotes: 5
Related Questions
- Event Store cannot write to soft deleted streams
- Deleting Events with Tombstones and Public / Private Data in an Event-Sourced System
- Compensating Events on CQRS/ES Architecture
- Structure of a CQRS event store
- CQRS/ES AR deletion command
- How to deal with deleted event classes in event sourcing
- Logical deletion with event sourcing (potentially with sensitive data / GDPR)
- Event Sourcing SQL Server Delete
- How to handle deletes and their related aggregates?
- How to handle a legal enforced data delete request in an event sourced system?