Event Sourcing - How to delete data in an eventstore?

Question

How to work around the issue of deleting data in an eventstore?

I need to permanently and completely delete some data in order to comply to privacy laws.

I have found these alternatives:

1. Encrypt the data that you need deleted, and store the encryption key in its own table. When the data needs to be deleted, you then only delete the encryption key.

2. Use event sourcing on the data that does not need deletion, with reference to a CRUD database for the confidential data that need to be deleted.

Are there any other ways of doing it?

Answer 1

I did that a month ago. Tried to make it as simple as possible. I just replayed the entire event store, modify event data and finally store the event in a new event store. In other words migration. When everything finished OK I deleted/backup the old store. After that I replayed the new event store against the projections because of the changes.

If you do not have the encryption implemented you have to add it somehow. Like replaying the entire event store.

PS: Just want to mention for other readers that the reasons to change the event store are really limited. Do not do use it except when comply to privacy laws or really nasty bug. If you need to delete user's data you could do one of the two things:

• Encrypt all user's data and when you have to delete it you just get rid of the private key.
• Place all user's data in a separate store/database and when needed you could just delete it without affecting other parts of the system.

Answer 2

First, change your event handlers to not require the data so that things don't break when you remove it.

Then create a small app to read all your events, and write new events to a new event store without the data you needed deleted.

Test that your system still functions using the new event store; can rehydrate all aggregates, and generate all projections/views/readmodels/whateveryoucallthem.

Delete the old event store.