The following connection string configures the driver to use Always Encrypted with the Windows Certificate Store: 

DRIVER={DataDirect 8.0 SQL Server Wire Protocol};ColumnEncryption=Enabled;HostName=YourServer;PortNumber=1433;

The following connection string configures the driver to use Always Encrypted with the Azure Key Vault. Unlike connections using Windows Certificate Store, using Azure Key Vault requires the Key Store Principal Id (AEKeystorePrincipalId) and Key Store Secret (AEKeyStoreClientSecret) connection options. 

DRIVER={DataDirect 8.0 SQL Server Wire Protocol};AEKeystorePrincipalId=789a8b7c-6d5e-432f-1gh2-3ijk45678987;
AEKeyStoreClientSecret=ABcdEFg/hiJkLmNOPqR01tuVwXwyzYw2xwVUtsRQ=;ColumnEncryption=Enabled;
HostName=YourServer;PortNumber=1433;

See "Configuring and connecting to data sources" for more information on configuring and connecting to data sources.

Note: The keystore provider used by the driver is based on the encryption metadata received from the server. Specifying values for the Key Store Principal Id and Key Store Secret connections does not determine that the driver uses the Azure Key Vault.

The following connection string configures the driver to use Always Encrypted with a PKCS #12 file. To use a PKCS #12 file, the driver requires values for the AE Keystore Location (AEKeyStoreLocation) and AE Keystore Secret (AEKeyStoreSecret) connection options. The value for the AE Keystore Secret is needed only when the PKCS #12 file is password-protected.

DRIVER={DataDirect 8.0 SQL Server Wire Protocol};AEKeyStoreLocation=C:\abc\keystore.pfx;
AEKeyStoreSecret=ABcdEFg/hiJkLmNOPqR01tuVwXwyzYw2xwVUtsRQ=;ColumnEncryption=Enabled;
HostName=YourServer;PortNumber=1433;