Share via

Azure Key Vault API version 2026-02-01

Vikas Verma (HCL TECHNOLOGIES CORPORATE SER) 65 Reputation points Microsoft External Staff
2026-01-30T10:56:44.87+00:00

Hello All,

We are getting alert

"On 27 February 2027, all Azure Key Vault API versions prior to 2026-02-01 will be retired. Azure Key Vault API version 2026-02-01—releasing in February 2026—introduces an important security update: Azure role-based access control (RBAC) will be the default access control model for all newly created vaults. Existing key vaults will continue using their current access control model. Azure portal behavior will remain unchanged."

The Key Vault is already configured to use Azure RBAC (recommended) as the access control model. Do we still have any actions pending?

* PII in Outlook Safelinks Removed

Azure Key Vault
Azure Key Vault

An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.

Answer accepted by question author
  1. Rukmini 38,335 Reputation points Microsoft External Staff Moderator
    2026-01-30T11:22:06.4333333+00:00

    Hello Vikas Verma (HCL TECHNOLOGIES CORPORATE SER),

    The 2026-02-01 API and the 27 February 2027 retirement are enforcing Azure RBAC as the access control model, which is already set up in your Key Vault. The retirement effects vaults still utilizing Access Policies or older API versions.

    Current vaults on Azure RBAC are unaffected and compliant.

    • When you make future updates, just make sure that any automation, SDKs, and IaC (ARM/Bicep/Terraform) are updated to utilize API version 2026-02-01 or later.

    Reference: https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-migration?tabs=cli

    If the resolution was helpful, kindly take a moment to click on 210246-screenshot-2021-12-10-121802.pngand click on Yes for was this answer helpful. And, if you have any further query do let us know.

    1 person found this answer helpful.
    0 comments
Answer accepted by question author
  1. Harita Tiwari 115 Reputation points Microsoft Employee
    2026-02-04T23:29:35.0466667+00:00

    Hi Team,

    We have RBAC everywhere and verified we do have _"enableRbacAuthorization": tru_e in our Arm template.

     

    Per Migrate Azure Key Vault from access policies to Azure RBAC | Microsoft Learn looks like we still need to make API version update.

    User's image User's imageBut per above response Rukmini has mentioned "The retirement effects vaults still utilizing Access Policies or older API versions.

    Current vaults on Azure RBAC are unaffected and compliant."

    Can you suggest what is needed for us. Is there a channel we can connect with to ask these doubts?

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.