Specifies the principal ID used to authenticate against Azure Key Vault. This option is used only when Always Encrypted is enabled (ColumnEncryption=Enabled | ResultsetOnly) and Azure Key Vault is the keystore provider. The Azure Key Vault stores the column master key used for Always Encrypted functionality. To access the column master key from the Azure Key Vault, the Client Secret and principal ID must be provided.
Valid Values
principal_id
where:
principal_id
is the Application ID created during Azure App Registration and used to authenticate against the Azure Key Vault.
Notes
To specify the Client Secret, use the Key Store Secret (AEKeystoreClientSecret) connection option.
The driver currently supports only Azure App Registration as the principal ID.
This option is used only when the Azure Key Vault is specified as the keystore provider in the encryption metadata for result set columns or in statement parameters.
The driver determines which keystore provider to use based on the encryption metadata received from the server.
To specify the Client Secret, use the Key Store Secret (AEKeystoreClientSecret) connection option.