MicroStrategy ONE

Enable Encryption for trustStore Secret Values

Encrypting keystores is a fundamental security practice that helps safeguard sensitive cryptographic material, maintains confidentiality, and ensures compliance with regulatory standards. It is an integral part of a comprehensive security strategy to protect digital assets and maintain the integrity and trustworthiness of cryptographic systems.

The configuration was last updated in MicroStrategy ONE Update 12. To enable encryption of secret values in your environment, use one of the following methods:

MicroStrategy Library

  1. Open the configOverride.properties config file, which is located in Tomcat Folder/webapps/MicroStrategyLibrary/WEB-INF/classes/config/configOverride.properties.
  2. Add the propertyEncryptionEnabled = true flag and save the file.
  3. Restart the Service. The existing values will be encrypted automatically.

MicroStrategy Web

  1. Open the sys_defaults.properties config file, which is located in Tomcat Folder/webapps/MicroStrategy/WEB-INF/xml/sys_defaults.properties.
  2. If the file does not exist, you must create it manually.
  3. Add the propertyEncryptionEnabled=1 flag and save the file.
  4. Restart the Service. The existing values will be encrypted automatically.

MicroStrategy Modeling Service

  1. Open the modelservice.properties customized file, which is located in ${installPath}/admin/modelservice.conf.
  2. Add the modelservice.featureflag.propertyEncryptionEnabled = true flag and save the file.
  3. Restart the Service. The existing values will be encrypted automatically.

MicroStrategy Collaboration Service

  1. Run the MicroStrategy\Collaboration Server\node_modules\mstr-collab-svc\encrypt.js encryption script to encrypt the identityToken.secretKey string.
  2. Copy the encrypted identityToken.secretKey string to MicroStrategy\Collaboration Server\config.json as property "secretKey": XXXXX.
  3. Set the "secretKeyEncrypted": true flag to indicate that the secretKey string is encrypted.
  4. If the flag does not exist, you must create it manually.
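
To confirm after the change that each service actually has its flag set, the four procedures above can be audited with a small script. This is an added example, not MicroStrategy code: the function names are hypothetical, the sample file contents are constructed, and the nesting of "secretKey" under "identityToken" in config.json is an assumption (the check searches the whole JSON document, so it does not depend on it).

```python
import json

# Flag and enabled value for each properties file, exactly as given in the steps above.
EXPECTED = {
    "library": ("propertyEncryptionEnabled", "true"),
    "web": ("propertyEncryptionEnabled", "1"),
    "modeling": ("modelservice.featureflag.propertyEncryptionEnabled", "true"),
}

def parse_properties(text):
    """Minimal .properties reader: 'key=value' or 'key = value'; '#'/'!' start comments.
    A later duplicate key overrides an earlier one, as java.util.Properties does."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def properties_flag_enabled(service, text):
    """service is 'library', 'web' or 'modeling'; text is the file's contents."""
    key, wanted = EXPECTED[service]
    return parse_properties(text).get(key, "").lower() == wanted

def collab_flag_enabled(text):
    """True only if a "secretKey" exists and every object holding one
    also carries "secretKeyEncrypted": true (JSON boolean, not a string)."""
    holders = []
    def walk(node):
        if isinstance(node, dict):
            if "secretKey" in node:
                holders.append(node)
            for child in node.values():
                walk(child)
        elif isinstance(node, list):
            for child in node:
                walk(child)
    walk(json.loads(text))
    return bool(holders) and all(h.get("secretKeyEncrypted") is True for h in holders)

if __name__ == "__main__":
    # Constructed sample contents, not taken from a real deployment.
    web = "# propertyEncryptionEnabled=1\n"  # commented out, so the flag is not set
    collab = '{"identityToken": {"secretKey": "PLACEHOLDER", "secretKeyEncrypted": true}}'
    print("web:", properties_flag_enabled("web", web))
    print("collaboration:", collab_flag_enabled(collab))
```

The script only confirms that the flags are present with the documented values. It cannot tell whether the stored secret values were actually encrypted, which happens when the service restarts or, for the Collaboration Service, when encrypt.js is run.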