CHAPTER 11 SECURING REPORTS
which contains sensitive authentication credentials required to connect to SSRS server components.
Notice that parts of the data inside the file are encrypted. SSRS uses the keys associated with the report
server instance to decrypt the contents of this file as well as the encrypted content stored in the
ReportServer database in the dbo.Keys table.Figure 11-8. The rsreportserver.config encrypted valuesWe will show how to use both tools—the Reporting Services Configuration Manager and the
RSKeyMgmt utility—to extract the key for the PROSSRS SSRS installation.
First, open the Reporting Services Configuration Manager again and connect to your report server
instance (called MSSQLSERVER by default), and then click the Encryption Keys icon on the left. You will
see four options on the Encryption Key page: Backup, Restore, Change, and Delete Encrypted Content.
You can back up the encryption key to a key file and supply a password, as shown in Figure 11-9. This file
should be stored in a secure location. If the report server ever had to be rebuilt for any reason—because
of a hardware failure or data corruption issue—then having this key is crucial to restoring the
ReportServer database to its previous state. Without the key file, it is still possible to restore and initialize
the ReportServer database from backup. However, all objects that require encryption, such as data
sources with stored account information, must be reset manually, which could be an arduous task at
best.
To use the command-line tool that will essentially perform the same task of backing up, restoring,
and deleting the encryption keys for the report server instance, the syntax is as follows:RSKeyMgmt -e -f C:\Pro_SSRS\SSRS_Key\PROSSRS_SSRS_Key -P Password