AAP secrets on the database are currently encrypted (key managed by AAP) using AES in CBC mode with a 256-bit key for encryption, PKCS7 padding, and HMAC using SHA256 for authentication. So, AAP is written using the Django python framework which does not support GCM natively.

However, we need to using Galois/Counter Mode (GCM) or other algorithms (not CBC, or ECB) to ensure compliance with current cryptographic standards. Our Internal security team not accepting AAP product into production.