UUID Lifecycle: Retention, Rotation, and Ephemeral IDs
UUIDs typically do not expire—unlike tokens. This guide explains how to manage UUIDs across their lifecycle, when to rotate identifiers, and when to use ephemeral IDs.
Persistence vs Ephemeral
- Persistent UUIDs: stable identifiers for entities (users, orders, files).
- Ephemeral UUIDs: short-lived references for workflows or one-time actions.
Rotation Strategies
- Rotate only when business constraints require (e.g., data partitioning or privacy).
- Preserve referential integrity: maintain mapping table from old → new UUID if rotating.
- Use v4 for new public identifiers; use v5 for deterministic derivations where needed.
Retention and Deletion
- Apply data retention policies to records, not the UUIDs themselves.
- Avoid reusing deleted UUIDs; treat them as permanently retired.
- Consider soft-delete patterns with a
deleted_attimestamp.
Operational Tips
- Normalize lowercase and validate format server-side.
- Index and shard appropriately; consider binary(16) storage for performance.
- Log UUID lookups for observability and incident response.