Software in regulated industries must comply with:
Auditability laws that require tamper-proof, long-term storage of event logs.
Privacy laws (such as the GDPR) that require users’ personal data to be erasable on request.
Erasing data conflicts with the need for immutable audit trails, especially once the data has been replicated into backups and air-gapped storage that cannot be rewritten.
Crypto-shredding resolves this dilemma.
Instead of deleting the data itself, the system encrypts each piece of sensitive information under a user-specific, time-scoped key, and later renders it unreadable by destroying that key; the ciphertext in the log and in every backup stays exactly as written.
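The scheme above, as an added stand-alone illustration that is not code from the original article or its commenters: an append-only audit log whose PII fields are encrypted under per-user, per-period keys held in a separate key store, so erasure deletes keys while the log itself is never modified. The cipher is an HMAC-SHA256 counter-mode encrypt-then-MAC stand-in chosen so the example runs with the standard library alone; a real deployment would use an AEAD such as AES-GCM and a managed key service.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo. The HMAC-SHA256 counter-mode cipher below is a stand-in so the
# example needs no third-party package; production code should use a real AEAD.

def _keystream(key, nonce, n):
    blocks = (n + 31) // 32
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:n]

def encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ct + tag

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")  # wrong key or tampered record
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class KeyStore:
    """Per-user, per-period data keys. This is the only mutable component."""
    def __init__(self):
        self.keys = {}
    def key_for(self, user_id, period):
        return self.keys.setdefault((user_id, period), secrets.token_bytes(32))
    def shred(self, user_id):
        # Erasure request: destroy every key for this user; the log is untouched.
        for k in [k for k in self.keys if k[0] == user_id]:
            del self.keys[k]

class AuditLog:
    """Append-only: events are never rewritten or removed, only appended."""
    def __init__(self, keystore):
        self.events, self.ks = [], keystore
    def append(self, user_id, period, action, pii):
        # Only an opaque user id stays in clear; the PII payload is encrypted.
        blob = encrypt(self.ks.key_for(user_id, period), json.dumps(pii).encode())
        self.events.append({"user": user_id, "period": period,
                            "action": action, "pii": blob.hex()})
    def read(self, idx):
        ev = self.events[idx]
        key = self.ks.keys.get((ev["user"], ev["period"]))
        pii = json.loads(decrypt(key, bytes.fromhex(ev["pii"]))) if key else None
        return {**ev, "pii": pii}  # pii is None once the key has been shredded
```

After `shred("u1")` the event count and the non-PII fields are unchanged, which is what an auditor sees, while the PII of that user is unrecoverable from the log and from any backup of it.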
We decided against crypto shredding in our event store, as we fear that future tech might make the encryption obsolete. Do you have a solution for this?
Based on my research, crypto shredding is the only way to have immutable audit event logs & GDPR compliance at the same time.
For EDA (Event Driven Architectures) you don’t have to guarantee event log immutability. If you trust that your code is bug-free, then you can always filter your primary event log stream and create a new one (with the user data removed).
My use case is not EDA but an auditable event log that has to be stored on append-only storage. In this case you literally cannot modify the event log (it’s on an append-only storage system). Then the only option is crypto shredding.