dotnet
diff --git a/‎doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionKeyStoreProvider.xml‎
Lines changed: 16 additions & 7 deletions b/‎doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionKeyStoreProvider.xml‎
Lines changed: 16 additions & 7 deletions
@@ -37,6 +37,9 @@
       <param name="encryptedColumnEncryptionKey">
         The encrypted column encryption key.
       </param>
+      <param name="cancellationToken">
+        A token to cancel the asynchronous operation.
+      </param>
       <summary>
         Decrypts the specified encrypted value of a column encryption key asynchronously. The encrypted value is expected to be encrypted using the column master key with the specified key path and using the specified algorithm.
       </summary>
@@ -71,6 +74,9 @@
       <param name="columnEncryptionKey">
         The plaintext column encryption key.
       </param>
+      <param name="cancellationToken">
+        A token to cancel the asynchronous operation.
+      </param>
       <summary>
         Encrypts a column encryption key asynchronously using the column master key with the specified key path and using the specified algorithm.
       </summary>
@@ -110,6 +116,9 @@
       <param name="allowEnclaveComputations">
         <see langword="true" /> to indicate that the column master key supports enclave computations; otherwise, <see langword="false" />.
       </param>
+      <param name="cancellationToken">
+        A token to cancel the asynchronous operation.
+      </param>
       <summary>
         When implemented in a derived class, asynchronously digitally signs the column master key metadata with the column master key referenced by the <paramref name="masterKeyPath" /> parameter. The input values used to generate the signature should be the specified values of the <paramref name="masterKeyPath" /> and <paramref name="allowEnclaveComputations" /> parameters.
       </summary>
@@ -118,15 +127,12 @@
       </returns>
       <remarks>
         <para>
-          To ensure that the <see cref="M:Microsoft.Data.SqlClient.SqlColumnEncryptionKeyStoreProvider.SignColumnMasterKeyMetadata(System.String,System.Boolean)" /> method doesn't break applications that rely on an old API, it throws a <see cref="T:System.NotImplementedException" /> exception by default.
+          The default implementation calls the synchronous <see cref="M:Microsoft.Data.SqlClient.SqlColumnEncryptionKeyStoreProvider.SignColumnMasterKeyMetadata(System.String,System.Boolean)" /> method, which throws a <see cref="T:System.NotImplementedException" /> by default. In this case, the returned task will be faulted with <see cref="T:System.NotImplementedException" />.
         </para>
         <para>
-          The <see cref="M:Microsoft.Data.SqlClient.SqlColumnEncryptionKeyStoreProvider.SignColumnMasterKeyMetadata(System.String,System.Boolean)" /> method will be used by client tools that generate Column Master Keys (CMK) for customers. <see cref="M:Microsoft.Data.SqlClient.SqlColumnEncryptionKeyStoreProvider.SignColumnMasterKeyMetadata(System.String,System.Boolean)" /> must be implemented by the corresponding key store providers that wish to use enclaves with <see href="https://learn.microsoft.com/sql/relational-databases/security/encryption/always-encrypted-database-engine">Always Encrypted</see>.
+          Key store providers that wish to use enclaves with <see href="https://learn.microsoft.com/sql/relational-databases/security/encryption/always-encrypted-database-engine">Always Encrypted</see> should override this method with a truly asynchronous implementation when the signing operation involves I/O.
         </para>
       </remarks>
-      <exception cref="T:System.NotImplementedException">
-        In all cases.
-      </exception>
     </SignColumnMasterKeyMetadataAsync>
     <VerifyColumnMasterKeyMetadata>
       <param name="masterKeyPath">
@@ -155,11 +161,14 @@
       <param name="signature">
         The signature of the column master key metadata.
       </param>
+      <param name="cancellationToken">
+        A token to cancel the asynchronous operation.
+      </param>
       <summary>
-        When implemented in a derived class, this method is expected to verify the specified signature is valid for the column master key with the specified key path and the specified enclave behavior asynchronously. The default implementation throws `NotImplementedException`.
+        When implemented in a derived class, this method is expected to verify the specified signature is valid for the column master key with the specified key path and the specified enclave behavior asynchronously. The default implementation returns a faulted task with <see cref="T:System.NotImplementedException" />.
       </summary>
       <returns>
-        When implemented in a derived class, the method is expected to return true if the specified signature is valid, or false if the specified signature is not valid. The default implementation throws `NotImplementedException`.
+        A task that, when completed, returns <see langword="true" /> if the specified signature is valid, or <see langword="false" /> if it is not valid.
       </returns>
     </VerifyColumnMasterKeyMetadataAsync>
     <ColumnEncryptionKeyCacheTtl>