Password used with Uid to authenticate. Optional when a credential is stored in the OS keychain.
Pwd=<secret>## Optional (when keychain has a stored credential) `Pwd=` is the cleartext password used together with `Uid=` to authenticate against the control plane. In production, prefer to leave `Pwd=` out of the DSN and store the secret via the DSN setup GUI's **Save password** flow; the driver looks the value up at connect time. See `ODBC_CRED_STORE`. ## Aliases - `Password=` and `PWD=` are accepted; key matching is case-insensitive. ## Lookup order If neither `Pwd=` nor `Token=` is in the connection string, the driver looks them up in the OS keychain under the DSN namespace: 1. `Pwd:<Uid>` is checked first; if present, used as the password. 2. `Token:<Uid>` is checked next; if present, used as the bearer token. An explicit `Pwd=` always wins over the keychain. To force the keychain lookup, omit `Pwd=` from both the connection string and the DSN file. ## Connection-string escapes A `;` inside `Pwd=` would terminate the connection-string key. Wrap such passwords in `{...}`: ``` Pwd={p;w;d} ``` parses as the literal three-character secret. The closing brace is escaped by doubling: `}}`. ## Lifetime in memory The driver keeps the in-memory copy of `Pwd=` only until authentication completes, then zeroes it explicitly. The session token returned by the control plane is what the driver uses for subsequent requests.
| Name | Type | Description |
|---|---|---|
Pwd | The cleartext password. Omit if the credential has been saved into the OS keychain via the DSN setup GUI's **Save password** flow. The driver does not persist the value itself; it sends `Uid` and `Pwd` to the control plane's auth endpoint and zeroes the in-memory copy on disconnect. |
# Inline password
Uid=alice@example.com;Pwd=hunter2# Pwd omitted; driver looks up Pwd:<Uid> in the keychain under the DSN name
DSN=DeltaForge;Uid=alice@example.com