To be honest, if the key used to encrypt PII (Personally Identifiable Information) in an event has been lost, there’s no way to retrieve the info anymore.
That’s what the cryptographic erasure gives us, in doing so complying with Europe’s GDPR rules.
This is also what the Axon Data Protection Module does for example.
The PII fields in an event are marked as sensitive data, and prior to serializing an event for transit and/or storage, the data is encrypted.
Losing the key would thus mean the information will be encrypted for ever, without a real way to retrieve this.
Granted, I am not entirely sure if I am answering your question to the fullest Daniel.
So if I am taking a wrong turn here with my response, please correct me with a subsequent response.
in that case, you will have to modify the events, indeed. While it’s a practice that you want to avoid, we do recognize that in certain situations you want to re-encrypt data.
Such situations include keys being compromised, need to re-generate keys with stronger cryptography (not expected, but you can never know for sure), and shifts in understanding what information is PII (especially around GDPR in Europe there are several opinions).
Depending on the type of database you use, this may or may not be easy. In a relational database, there is nothing stopping you from editing a row (which may also be problematic).
AxonServer is designed to be properly append-only. However, for the Enterprise edition, we do have tools on our roadmap that allow you to “rewrite” certain parts of an event stream. There is no API for this, as we believe this compromises the integrity of the stream as a reliable representation of history. We’re currently designing a way for this tool to be able to rewrite, while still maintaining “auditability”, for example by proving that the data of the events hasn’t been altered, merely the encryption/representation of it.