I received an email from Microsoft indicating that the Azure Key Vault API version 2026-02-01 is set to be released in February 2026, which includes a significant security update: the default access control model for newly created vaults will shift to Azure role-based access control (RBAC). Existing vaults will retain their current access control models, and the behavior in the Azure portal will remain unchanged. I want to update the API version in my Bicep files to this new release, but it appears to not be available yet. Does anyone know if there are delays with this update?
4 Answers
The documentation can be slow to update. Consider setting up an old API checker in your bicepconfig.json file to notify you when new APIs are available while you work on your Bicep files. This could save you some headaches later on!
Sometimes Azure announces API versions before they are actually supported by Bicep or ARM schemas, so it could take a little while for everything to align. If you want to stay ahead, check the GitHub repo for the bicep types, as the release cadence is roughly monthly.
Have you switched your Key Vault to use Azure RBAC instead of the Vault access policy? You can change this setting in the Key Vault's access configuration. Just look for the option labeled 'Permission model.'
Make sure to always check the documentation for the latest available API versions for Azure resources. Currently, it looks like the latest released version is 25-05-01. You might want to hold off on implementing the new changes until it's actually available, especially since all Key Vault control plane API versions prior to 2026-02-01 will retire by February 27, 2027.
Yep, sometimes Azure API versions are announced early and then take a while for Bicep or ARM schemas to support them. It’s a good idea to check the provider API list using `az provider show -n Microsoft.KeyVault` and stick with the current version until the new one is fully supported.