Specifies whether the driver is enabled for Always Encrypted functionality when accessing data from encrypted columns.
Valid Values
Disabled | ResultsetOnly | Enabled
Behavior
If set to Disabled, the driver does not use Always Encrypted functionality. The driver does not attempt to decrypt data from encrypted columns, but will return data as binary formatted cipher text. However, statements containing parameters that reference encrypted columns are not supported and will return an error.
If set to ResultsetOnly, the driver transparently decrypts result sets and returns them to the application. Queries containing parameters that affect encrypted columns will return an error.
If set to Enabled, the driver fully supports Always Encrypted functionality. The driver transparently decrypts result sets and returns them to the application. In addition, the driver transparently encrypts parameter values that are associated with encrypted columns.
Notes
When Always Encrypted functionality is enabled, values must be provided for the following properties according to your keystore provider:
For Azure Key Vault, you must specify values for the AEKeystorePrincipalId and AEKeystoreClientSecret properties.
For Java KeyStore, you must specify values for the AEKeystoreLocation and AEKeystoreSecret properties.
When Always Encrypted functionality is enabled, the driver transparently supports both randomized encryption and deterministic encryption.
Parameter markers must be used when specifying values that are associated with encrypted columns. If literal values are specified in a statement targeting encrypted columns, the driver will return an error.