MicroStrategy ONE
Upgrade Metadata Encryption to AES256-GCM
Starting in MicroStrategy ONE (December 2024), AES-256 encryption is on by default. This update ensures that sensitive data is protected with one of the most secure encryption algorithms available. Metadata objects are encrypted to AES-256 when a manual metadata update is performed. This is a one time update. During the manual update process, a one-time performance degradation is exptected due to the encryption process, to encrypt metadata objects with the AES-256 standard. Metadata Live updates do not trigger the encryption process, only manual updates.
Starting in MicroStrategy ONE (June 2024), you can opt-in to stronger application level encryption at AES-256 for objects stored in the metadata. The encryption is turned off by default.
MicroStrategy recommends users implement full-disk and full-database level encryption as part of a comprehensive security practice.
To enable application level encryption at AES-256 prior to MicroStrategy ONE (December 2024):
You must have metadata version MicroStrategy ONE (June 2024) or later to upgrade your metadata encryption to AES-256
-
Open the MicroStrategy REST API Explorer by appending
/MicroStrategyLibrary
with/api-docs/index.html?visibility=all
in your browser. -
Create a session and authenticate it. In the Authentication section, use
POST /api/auth/admin/login
. -
Click Try Out and modify the request body by providing your user name and password.
-
Click Execute.
-
In the response, find
X-MSTR-AuthToken
. -
To get the current feature status:
-
Under the Configurations section, look up
GET /api/v2/configurations/featureFlags
. -
Click Try Out.
-
Set the proper
X-MSTR-AuthToken
from step 5. You can also get this via inspecting the browser network XHR requests. -
Click Execute.
-
Search for
CA/EnableAES256GCM
in the response body to find its status details.
-
-
Under the Configurations section, look up
PUT /api/configurations/featureFlags/{id}
. -
Click Try Out.
-
Set the proper
X-MSTR-AuthToken
from step 5. You also can get this via inspecting the browser network XHR requests. -
Set
id
to6DB42B35426C582F7D6023B5B0853061
. -
To enable this preview feature, set the
status
value to1
. -
Click Execute.
-
Repeat step 6 to verify that the feature is enabled.