The following connection string configures the driver to use Always Encrypted with the Windows Certificate Store:
DRIVER={DataDirect 8.0 SQL Server Wire Protocol};ColumnEncryption=Enabled;HostName=YourServer;PortNumber=1433;
The following connection string configures the driver to use Always Encrypted with the Azure Key Vault. Unlike connections using Windows Certificate Store, using Azure Key Vault requires the Key Store Principal Id (AEKeystorePrincipalId) and Key Store Secret (AEKeyStoreClientSecret) connection options.
DRIVER={DataDirect 8.0 SQL Server Wire Protocol};AEKeystorePrincipalId=789a8b7c-6d5e-432f-1gh2-3ijk45678987;
AEKeyStoreClientSecret=ABcdEFg/hiJkLmNOPqR01tuVwXwyzYw2xwVUtsRQ=;ColumnEncryption=Enabled;
HostName=YourServer;PortNumber=1433;
See "Configuring and Connecting to Data Sources" for more information on configuring and connecting to data sources.
Note: The keystore provider used by the driver is based on the encryption metadata received from the server. Specifying values for the Key Store Principal Id and Key Store Secret connections does not determine that the driver uses the Azure Key Vault.