Upgrade Metadata Encryption to AES256-GCM

MicroStrategy recommends users implement full-disk and full-database level encryption as part of a comprehensive security practice. Starting in June 2024, you can opt-in to stronger application level encryption at AES-256 for objects stored in the metadata. The encryption is turned off by default. To enable application level encryption at AES-256:

You must have metadata version MicroStrategy ONE (June 2024) or later to upgrade your metadata encryption to AES-256

1. Open the MicroStrategy REST API Explorer by appending /MicroStrategyLibrary with /api-docs/index.html?visibility=all in your browser.

2. Create a session and authenticate it. In the Authentication section, use POST /api/auth/admin/login.

3. Click Try Out and modify the request body by providing your user name and password.

4. Click Execute.

5. In the response, find X-MSTR-AuthToken.

6. To get the current feature status:

   1. Under the Configurations section, look up GET ​/api​/v2/configurations​/featureFlags​.

   2. Click Try Out.

   3. Set the proper X-MSTR-AuthToken from step 5. You can also get this via inspecting the browser network XHR requests.

   4. Click Execute.

   5. Search for CA/EnableAES256GCM in the response body to find its status details.

7. Under the Configurations section, look up PUT ​/api​/configurations​/featureFlags​/{id}.

8. Click Try Out.

9. Set the proper X-MSTR-AuthToken from step 5. You also can get this via inspecting the browser network XHR requests.

10. Set id to 6DB42B35426C582F7D6023B5B0853061.

11. To enable this preview feature, set the status value to 1.

12. Click Execute.

13. Repeat step 6 to verify that the feature is enabled.