In Datomic Cloud there is https://docs.datomic.com/cloud/transactions/transaction-functions.html#db-retractentity.. This does not delete it makes it "hidden". Datomic On-Prem supports https://docs.datomic.com/on-prem/reference/excision.html, which is not supported with Datomic Cloud.

Does this mean to remove data for privacy reasons, the only option is to use excision?

Yes, excision is the tool to use for privacy concerns.

There is retractEntity in Datomic Peer also, just to make that clear. 🙂

@U8A5NMMGD what's the options to delete data if we use datomic cloud?

AFIK there is no option to delete from Datomic Cloud. Workarounds include: storing personal data in different db or using encryption key and then removing the key at appropriate time so that you can't access the information later. Both of them are not ideal and come with their own set of challenges. @U1QJACBUM would there be anything to add? PS. Is there a place where we can vote for features for Datomic Cloud? I feel like excision would be pretty high on that list?

We monitor customer feature feedback and "votes" in three ways (http://forums.datomic.com , http://ask.datomic.com, and support cases). When an issue/discussion in one of these places is around a feature (like excision) we cross link. We add the context to our internal stories in shortcut for context when looking at features for development. We are aware that excision in Cloud is a feature users desire. regarding this thread I think it is important to state that we want to understand in what scenario you (@U53B6QVDX) would like to "delete" data from Datomic cloud. The start of this thread simply asks about SQL like conditional deletes. Perhaps there is another driving reason beyond privacy (GDPR) that is causing you to consider the option of deleting and I would like to understand that. But @U8A5NMMGD is correct. There is no "delete" or excision in Datomic Cloud.

Thanks @U1QJACBUM! Yes, we are deleting data for privacy reasons. And I am currently using :db/retractEntity, deleting more than 100k entities can be very time consuming, that's why i ask whether there is something easier and faster

Hi @U53B6QVDX a few important clarifications. Retractions is not deletion. The data is still there. With retract you have created an atomic fact in the database dissociating an entity from a particular value of an attribute. The fact of that retraction remains along with the history of it's previous values.

I am happy to look at performance questions around retractEntity. We can help you speed that up or consider another approach so that it isn't as time consuming.

If that's something you are interested in shoot me a line at <mailto:[email protected]|[email protected]> with a gist of what you are doing and I can work from there to determine what performance aspects are and what advice might be relevant.

SecureString means it's encrypted and by using aws apis for getting the string out you will get it decrypted at read time. If you are using Datomic Cloud you can use https://docs.datomic.com/cloud/ions/ions-reference.html#get-params to get it from aws ssm; see https://github.com/jacekschae/learn-datomic-course-files/blob/f2378c84bade5cb64018f72aa9179a8c8bb25df4/increments/complete/src/main/cheffy/ion.clj#L11.

I see

would you use params over secrets manager?

If i'm using Datomic Cloud I would use SSM -- AWS Systems Manager as it comes with ion helpers. Don't have a good overview of why would you pick Secrets Manager over Systems Manager.

Secrets Manager costs per encrypted string and allows you to enforce lifecycle and rotation. Systems Manager gives you an encrypted string, and you have to handle lifecycle and rotation yourself. I prefer SSM myself since it's cheaper, and a simple lambda function can do lifecyle and rotation if needed.

Handlers are just functions.

Call them with whatever body they will get called with by Lambda.