Retention Policies
The Audit Service manages data retention through the RetentionPolicyController and RetentionPolicyService. Retention policies define how long audit events are kept before being archived or deleted. Each tenant can have its own retention policy, and policies can be executed on demand or via scheduled jobs using leader election.
Retention Policy Management
Create a Policy
Endpoint: POST /api/v1/audit/retention/policies
curl -X POST http://localhost:8086/api/v1/audit/retention/policies \
-H "Content-Type: application/json" \
-H "Authorization: Bearer ${TOKEN}" \
-d '{
"tenantId": "550e8400-e29b-41d4-a716-446655440000",
"retentionDays": 365,
"archiveEnabled": true,
"archiveAfterDays": 90,
"deleteAfterDays": 730
}'Get Policy by ID
Endpoint: GET /api/v1/audit/retention/policies/:policyId
Get Tenant Policy
Endpoint: GET /api/v1/audit/retention/tenants/:tenantId/policy
List All Policies
Endpoint: GET /api/v1/audit/retention/policies
Update a Policy
Endpoint: PUT /api/v1/audit/retention/policies/:policyId
Delete a Policy
Endpoint: DELETE /api/v1/audit/retention/policies/:policyId
Retention Execution
Execute for a Tenant
Endpoint: POST /api/v1/audit/retention/tenants/:tenantId/execute
Manually triggers the retention cleanup for a specific tenant. Returns an execution result with counts of archived and deleted events.
curl -X POST http://localhost:8086/api/v1/audit/retention/tenants/550e8400/execute \
-H "Authorization: Bearer ${TOKEN}"Execute for All Tenants
Endpoint: POST /api/v1/audit/retention/execute-all
Triggers retention cleanup for all tenants. Returns 202 Accepted as the job runs asynchronously.
Retention Statistics
Endpoint: GET /api/v1/audit/retention/tenants/:tenantId/stats
Returns retention statistics for a tenant including total events, archived events, events pending archival, and storage usage.
Scheduled Retention
The retention service runs a scheduled job to automatically enforce retention policies. Leader election (via LeaderElectionConfig) ensures that only one instance of the service executes the scheduled retention job in a multi-replica deployment.
Execution Flow
- Leader instance wakes up on schedule
- Loads all active retention policies from the database
- For each tenant policy:
- Archives events older than
archiveAfterDays(if archiving is enabled) - Deletes events older than
deleteAfterDays - Records execution statistics
- Archives events older than
- Publishes completion metrics
RetentionPolicy Entity
| Field | Type | Description |
|---|---|---|
id | UUID | Policy identifier |
tenantId | UUID | Owning tenant |
retentionDays | int | Number of days to retain events in primary storage |
archiveEnabled | boolean | Whether to archive events before deletion |
archiveAfterDays | int | Days before events are moved to archive |
deleteAfterDays | int | Days before events are permanently deleted |
createdAt | Instant | Policy creation timestamp |
updatedAt | Instant | Last modification timestamp |
Compliance Considerations
| Regulation | Minimum Retention | Notes |
|---|---|---|
| SOC 2 | 1 year | Audit logs must be retained for the audit period |
| GDPR | As minimal as necessary | Balance retention with data minimization principle |
| HIPAA | 6 years | If handling health data |
| PCI DSS | 1 year | Payment card data access logs |
Deletion is permanent and irreversible. The service enforces a minimum retention period of 30 days to prevent accidental data loss. Archival moves events to a separate cold storage table rather than deleting them.