Log Records and Passphrases
Caution! The application source code calling the AES_ENCRYPT_VARCHAR or AES_DECRYPT_VARCHAR functions should be secured because the passphrase is visible in the call.
Caution! The SET SESSION_TRACE command logs SQL statement text, which includes the passphrase. This command is limited to users with TRACE privilege and is written to a file owned by the installation owner, but session tracing should be used with caution if the encrypt and decrypt functions are in use.