Specifies the length of time, in seconds, column encryption keys live in the cache before the driver deletes them. This option is used when Always Encrypted is enabled (ColumnEncryption=Enabled | ResultsetOnly).
Valid Values
0 | x
where:
x
is the number of seconds the driver stores a column encryption key in the cache.
Behavior
If set to -1, the driver caches column encryption keys for the life of the connection. The keys are deleted when the connection is closed or added to the connection pool.
If set to 0, the driver does not cache column encryption keys.
If set to x, the driver caches column encryption keys for the specified number of seconds before deleting them. The timer starts for a key when it is first accessed and added to the cache. The timer does not reset if you access it after it has been added to the cache. The keys are deleted when the timer expires, or the connection is closed or added to the connection pool.
Notes
Column encryption keys do not persist beyond the life of the connection. When a connection is closed, the driver purges the cache, leaving no column encryption key data in memory.
Caching column encryption keys can provide performance gains by reducing the overhead associated with fetching and decrypting the keys for the same data multiple times during a connection. Specifying larger values for this property increases the length of time that a column encryption key persists in the cache; therefore, improving performance in some scenarios. Note that column encryption keys are designed to be deleted from the cache as a security measure and should not be configured to live for long periods of time.
Column encryption keys do not persist beyond the life of the connection. When a connection is closed, the driver purges the cache, leaving no column encryption key data in memory.