in that case, you will have to modify the events, indeed. While it’s a practice that you want to avoid, we do recognize that in certain situations you want to re-encrypt data.
Such situations include keys being compromised, need to re-generate keys with stronger cryptography (not expected, but you can never know for sure), and shifts in understanding what information is PII (especially around GDPR in Europe there are several opinions).
Depending on the type of database you use, this may or may not be easy. In a relational database, there is nothing stopping you from editing a row (which may also be problematic).
AxonServer is designed to be properly append-only. However, for the Enterprise edition, we do have tools on our roadmap that allow you to “rewrite” certain parts of an event stream. There is no API for this, as we believe this compromises the integrity of the stream as a reliable representation of history. We’re currently designing a way for this tool to be able to rewrite, while still maintaining “auditability”, for example by proving that the data of the events hasn’t been altered, merely the encryption/representation of it.
Hope that makes sense.