Always Encrypted properties

The following table summarizes connection properties related to Always Encrypted functionality.
Table 11. Always Encrypted properties
Property
Characteristic
Specifies the length of time, in seconds, column encryption keys live in the cache before the driver deletes them. This property is used when Always Encrypted is enabled (ColumnEncryption=Enabled | ResultsetOnly).
If set to -1, the driver caches column encryption keys for the life of the connection. The keys are deleted when the connection is closed or sent to the connection pool.
If set to 0, the driver does not cache column encryption keys.
If set to x, the driver caches column encryption keys for the specified number of seconds before deleting them. The timer for a key starts when the key is first accessed and added to the cache. The timer does not reset if the key is accessed again after it has been added to the cache. The keys are deleted when the timer expires, or when the connection is closed or sent to the connection pool.
Note: While caching can improve performance, column encryption keys are designed to be deleted from the cache as a security measure and should not be stored for long periods of time.
The default is 7200.
Specifies whether the driver is enabled for Always Encrypted functionality when accessing data from encrypted columns.
If set to Disabled, the driver does not use Always Encrypted functionality. The driver does not attempt to decrypt data from encrypted columns, but will return data as binary formatted cipher text. However, statements containing parameters that reference encrypted columns are not supported and will return an error.
If set to ResultsetOnly, the driver transparently decrypts result sets and returns them to the application. Queries containing parameters that affect encrypted columns will return an error.
If set to Enabled, the driver fully supports Always Encrypted functionality. The driver transparently decrypts result sets and returns them to the application. In addition, the driver transparently encrypts parameter values that are associated with encrypted columns.
The default is Disabled.
Azure Key Vault properties
Specifies the Client Secret used to authenticate against the Azure Key Vault. This property is used only when Always Encrypted is enabled (ColumnEncryption=Enabled | ResultsetOnly) and Azure Key Vault is the keystore provider. The Azure Key Vault stores the column master key used for Always Encrypted functionality. To access the column master key from the Azure Key Vault, the Client Secret and principal ID must be provided.
Specifies the principal ID used to authenticate against the Azure Key Vault. This property is used only when Always Encrypted is enabled (ColumnEncryption=Enabled | ResultsetOnly) and Azure Key Vault is the keystore provider. The Azure Key Vault stores the column master key used for Always Encrypted functionality. To access the column master key from the Azure Key Vault, the principal ID and Client Secret must be provided.
Note: The driver currently supports only Azure App Registration as the principal ID.
Java KeyStore properties
Specifies the absolute path to the Java KeyStore file. This property is used only when Always Encrypted is enabled (ColumnEncryption=Enabled | ResultsetOnly) and Java KeyStore is the keystore provider. The Java KeyStore contains the column master key used for Always Encrypted functionality. To specify the password for the Java KeyStore file, use the AEKeyStoreSecret property.
Specifies the password used to access the Java KeyStore file. This property is used only when Always Encrypted is enabled (ColumnEncryption=Enabled | ResultsetOnly) and Java KeyStore is the keystore provider. The Java KeyStore contains the column master key used for Always Encrypted functionality. If no value is specified, an empty string is passed to the KeyStore file.
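
The key-cache rules described in the first table entry (-1, 0, x, and a timer that starts on first access and does not reset) are modelled below in Python. This is an added example, not the driver's code; the class and method names, the injected clock and the sample key are hypothetical.

```python
import time

class CekCache:
    """Model of the column-encryption-key cache rules described in the table above."""

    def __init__(self, ttl_seconds=7200, clock=time.monotonic):
        self.ttl = ttl_seconds      # -1: life of connection, 0: no caching, x: seconds
        self.clock = clock          # injectable so the expiry logic can be exercised
        self._entries = {}          # key id -> (key bytes, absolute expiry or None)
        self.unwrap_calls = 0       # how often the keystore had to be contacted

    def get(self, key_id, unwrap):
        """Return the key for key_id, calling unwrap(key_id) only on a cache miss."""
        now = self.clock()
        entry = self._entries.get(key_id)
        if entry is not None:
            key, expires_at = entry
            if expires_at is None or now < expires_at:
                return key          # hit: the expiry time is NOT pushed back
            del self._entries[key_id]   # timer expired (this model evicts lazily)
        key = unwrap(key_id)
        self.unwrap_calls += 1
        if self.ttl == 0:
            return key              # caching disabled: nothing is retained
        expires_at = None if self.ttl < 0 else now + self.ttl
        self._entries[key_id] = (key, expires_at)
        return key

    def on_close_or_pool_return(self):
        """Keys never outlive the connection, whatever the TTL."""
        self._entries.clear()

    def cached_ids(self):
        return sorted(self._entries)


def demo():
    """Constructed scenario: TTL of 60 s, same key read at t=0, t=50 and t=70."""
    t = [0.0]
    cache = CekCache(ttl_seconds=60, clock=lambda: t[0])
    unwrap = lambda key_id: b"constructed-key-" + key_id.encode()
    for moment in (0.0, 50.0, 70.0):
        t[0] = moment
        cache.get("CEK1", unwrap)
    return cache.unwrap_calls
```

With a timer that reset on each access, the read at t=50 would keep the key cached past t=70 and the keystore would be contacted once; under the documented rule it is contacted twice, which bounds how long any key stays in memory.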