Sensitive Data in EventStore


in one scenario we have some kind of online shop functionality.

the user can buy something with a credit card. Now we promise our users that the creditcard information will be deleted from our system after the payment has been fullfilled

Now when implementing this in EventStore, what would be a good way? Should I avoid the EventSourcing for this part ? I can image that the payment step could be handled in a CRUD manner.

Or should i do the really really bad thing and update / delete the related events ?

Is there somekind of best practice?

You can delete information....

See delete stream if the event is in its own stream you can just
delete that stream.

Another common strategy is to encrypt that information in the event
(e.g. only some is encrypted) and lose the key which is acceptable for
many such situations though it depends on the particular regulations
you are trying to meet.



More discussion