Encryption Keys - Reporting Services Native mode Configuration Manager
Use the Encryption Keys page to manage the symmetric key that is used to encrypt and decrypt data in a report server. Managing the encryption keys is an important part of report server configuration. The symmetric key is created and applied automatically when you create the report server database. Create a backup copy of the symmetric key so that you can perform routine maintenance operations. The following maintenance tasks require that you have a valid copy of the symmetric key:
Changing the service account for the Report Server service.
Migrating a Reporting Services installation to a different computer.
Configuring a new report server instance to share or use an existing report server database.
Applies to: Reporting Services Native mode.
Periodically changing the Reporting Services encryption key is a security best practice. A recommended time to change the key is immediately following a major version upgrade of Reporting Services. Changing the key after an upgrade minimizes additional service interruption caused by changing the Reporting Services encryption key outside of the upgrade cycle.
Restoring the symmetric key is necessary if you updated the user account of the Report Server service (and you used a tool other than the Reporting Services Configuration Manager to change the account), or if you are migrating a report server installation to a new server.
To protect the symmetric key from unauthorized access, the symmetric key is encrypted using the private key of the Report Server service. Only the Report Server service is able to unlock and use the symmetric key to store sensitive data in the report server database. If you change the identity of the Report Server service, or if you migrate the report server to a new computer, the private key of the Report Server service will no longer be able to unlock the symmetric key. To restore access to the symmetric key, re-encrypt the symmetric key using the private key of the new Report Server service identity. Restoring the symmetric key is the process by which the re-encryption occurs.
Only restore a symmetric key if it is the same key that is currently used to encrypt and decrypt data in the report server database. If you restore a symmetric key that is not valid, you can no longer access sensitive data. In this case, delete and re-create the key.
The action of deleting and recreating the symmetric key cannot be reversed or undone. Deleting or recreating the key can have important ramifications on your current installation. If you delete the key, any existing data encrypted by the symmetric key will also deleted. Deleted data includes connection strings to external report data sources, stored connection strings, and some subscription information.
To open this page, start the Reporting Services Configuration Manager and select the link in the navigation pane. For more information, see Reporting Services Configuration Manager (Native Mode).