Caching column encryption keys improves performance by reducing the overhead of fetching and decrypting the same keys multiple times. For security purposes, the driver empties keys from the cache when a connection closes; however, for applications that remain connected for long periods of time, you may want to delete the keys before the connection ends. You can control how long the driver caches keys by setting the AEKeyCacheTTL property to one of the following values:
If set to -1, the driver caches column encryption keys for the life of the connection. The keys are deleted when the connection is closed or added to the connection pool.
If set to 0, the driver does not cache column encryption keys.
If set to x, the driver caches column encryption keys for the specified number of seconds before deleting them. The timer for a key starts when the key is first accessed and added to the cache. The timer does not reset if you access the key after it has been added to the cache. The keys are deleted when the timer expires, or when the connection is closed or added to the connection pool.
By default, the driver caches keys for 7200 seconds. See "AEKeyCacheTTL" for details.
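The following Python model is an added illustration of the three AEKeyCacheTTL settings described above; it is not the driver's code. The names KeyCacheModel, fetch_times, fetch_key and CEK1 are hypothetical, and treating a key as expired at exactly x seconds is an assumption.

```python
# Added illustration: a model of the documented AEKeyCacheTTL behaviour,
# not the driver's code. fetch_key stands in for fetching and decrypting
# a column encryption key; the key name and bytes are constructed.

class KeyCacheModel:
    def __init__(self, ttl, fetch_key, clock):
        self.ttl = ttl              # -1, 0, or a number of seconds
        self.fetch_key = fetch_key  # hypothetical expensive key retrieval
        self.clock = clock          # callable returning the time in seconds
        self._cache = {}            # key name -> (key bytes, time added)

    def get(self, name):
        now = self.clock()
        entry = self._cache.get(name)
        if entry is not None:
            key, added = entry
            if self.ttl == -1 or now - added < self.ttl:
                return key          # hit: the time added is not refreshed
            del self._cache[name]   # timer expired: key is deleted
        key = self.fetch_key(name)
        if self.ttl != 0:           # 0 means never cache
            self._cache[name] = (key, now)
        return key

    def close(self):
        # Connection closed or added to the pool: all keys are emptied.
        self._cache.clear()


def fetch_times(ttl, access_times):
    """Return the times at which the key had to be fetched again."""
    now = [0]
    fetched = []

    def fetch_key(name):
        fetched.append(now[0])
        return b"constructed-key-bytes"

    cache = KeyCacheModel(ttl, fetch_key, lambda: now[0])
    for t in access_times:
        now[0] = t
        cache.get("CEK1")
    cache.close()
    return fetched


if __name__ == "__main__":
    accesses = [0, 50, 90, 100, 150, 210]   # constructed schedule, seconds
    for ttl in (-1, 0, 100):
        print(ttl, fetch_times(ttl, accesses))
```

Because the timer does not reset on access, a busy connection with a TTL of 100 still re-fetches the key at 100 and 210 seconds even though no gap between accesses exceeds 60 seconds. The decrypted key therefore stays in memory for at most the configured interval after it was cached, regardless of how often it is used.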