Exporting SSRS Key to Azure Key Vault

Exporting SSRS Key to Azure Key Vault for Scale-Out Deployments


You will have to agree that managing so many encryption keys for SQL Server could be a tedious job. With Azure Storage Value, storing and distributing keys is even more accessible, and one of the use-cases that I will discuss is exporting SSRS key to Azure Key Vault.

Exporting SSRS Key to Azure Key Vault

The Azure Key Vault provides you a complete end-to-end solution to encrypt and store keys and small client-secrets like passwords that use keys stored in HSM’s (hardware security modules).

Since this is provided as a service by Microsoft on Azure, you do not need to install or provision it. However, let us get back to the topic of discussion.

For SSRS, it does not matter if you have a single server or a scale-out deployment. You only need to back up one copy of the symmetric key. There is a one-to-one correspondence between a report server database and a symmetric key. Although you need to back up one copy, you might need to restore the encryption-key multiple times if you are running numerous report servers in a scale-out deployment model. Each report server instance will need its copy of the symmetric key to lock and unlock data in the report server database.

Once the Storage Key is exported using either ‘rskeymgmt’ utility or SSRS config manager, you can manually import the key and store it in the Key Vault. See the screenshot below:

Exporting SSRS Key to Azure Key Vault

You will need to export the encryption key locally first by using commands such as below:

rskeymgmt.exe -e -f c:toolsSSRS2017_key -p BackupKeyLocal -i SQL2017

It is always a great idea to backup your encryption keys from time to time, even if you are using a secure source systems externally. Questions or suggestions are welcome in the comment section below.

Disclaimer: The Questions and Answers provided on https://www.gigxp.com are for general information purposes only. We make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose.