Azure · ncamillucci · May 7, 2026 · May 7, 2026 · May 7, 2026
@@ -4,12 +4,16 @@
 
 ### Features Added
 
+- Added support for service API version `2025-07-01` [#46782](https://github.com/Azure/azure-sdk-for-python/pull/46782)
+
 ### Breaking Changes
 
 ### Bugs Fixed
 
 ### Other Changes
 
+- Key Vault API version `2025-07-01` is now the default
+
 ## 1.0.0b1 (2025-05-07)
 
 ### Features Added

@@ -0,0 +1,6 @@
+{
+  "apiVersion": "2025-07-01",
+  "apiVersions": {
+    "KeyVault": "2025-07-01"
+  }
+}
@@ -2,8 +2,8 @@
     "CrossLanguagePackageId": "KeyVault",
     "CrossLanguageDefinitionId": {
         "azure.keyvault.securitydomain.models.CertificateInfo": "KeyVault.CertificateInfoObject",
-        "azure.keyvault.securitydomain.models.Error": "Error",
         "azure.keyvault.securitydomain.models.KeyVaultError": "KeyVaultError",
+        "azure.keyvault.securitydomain.models.KeyVaultErrorError": "KeyVaultError.error.anonymous",
         "azure.keyvault.securitydomain.models.SecurityDomain": "KeyVault.SecurityDomainObject",
         "azure.keyvault.securitydomain.models.SecurityDomainJsonWebKey": "KeyVault.SecurityDomainJsonWebKey",
         "azure.keyvault.securitydomain.models.SecurityDomainOperationStatus": "KeyVault.SecurityDomainOperationStatus",

@@ -15,22 +15,23 @@
 from azure.core.rest import HttpRequest, HttpResponse
 
 from ._configuration import SecurityDomainClientConfiguration
-from ._operations import SecurityDomainClientOperationsMixin
+from ._operations import _SecurityDomainClientOperationsMixin
 from ._utils.serialization import Deserializer, Serializer
 
 if TYPE_CHECKING:
     from azure.core.credentials import TokenCredential
 
 
-class SecurityDomainClient(SecurityDomainClientOperationsMixin):
+class SecurityDomainClient(_SecurityDomainClientOperationsMixin):
     """SecurityDomainClient.
 
     :param vault_base_url: Required.
     :type vault_base_url: str
     :param credential: Credential used to authenticate requests to the service. Required.
     :type credential: ~azure.core.credentials.TokenCredential
-    :keyword api_version: The API version to use for this operation. Default value is "7.5". Note
-     that overriding this default value may result in unsupported behavior.
+    :keyword api_version: The API version to use for this operation. Known values are "2025-07-01".
+     Default value is "2025-07-01". Note that overriding this default value may result in
+     unsupported behavior.
     :paramtype api_version: str
     """
 

@@ -26,13 +26,14 @@ class SecurityDomainClientConfiguration:  # pylint: disable=too-many-instance-at
     :type vault_base_url: str
     :param credential: Credential used to authenticate requests to the service. Required.
     :type credential: ~azure.core.credentials.TokenCredential
-    :keyword api_version: The API version to use for this operation. Default value is "7.5". Note
-     that overriding this default value may result in unsupported behavior.
+    :keyword api_version: The API version to use for this operation. Known values are "2025-07-01".
+     Default value is "2025-07-01". Note that overriding this default value may result in
+     unsupported behavior.
     :paramtype api_version: str
     """
 
     def __init__(self, vault_base_url: str, credential: "TokenCredential", **kwargs: Any) -> None:
-        api_version: str = kwargs.pop("api_version", "7.5")
+        api_version: str = kwargs.pop("api_version", "2025-07-01")
 
         if vault_base_url is None:
             raise ValueError("Parameter 'vault_base_url' must not be None.")

@@ -63,6 +63,7 @@ def remove_challenge_for_url(url: str) -> None:
     with _lock:
         del _cache[key.lower()]
 
+
 def set_challenge_for_url(url: str, challenge: "HttpChallenge") -> None:
     """Caches the challenge for the specified URL.
 

@@ -12,14 +12,12 @@
 if TYPE_CHECKING:
     from ._patch import *  # pylint: disable=unused-wildcard-import
 
-from ._operations import SecurityDomainClientOperationsMixin  # type: ignore
+from ._operations import _SecurityDomainClientOperationsMixin  # type: ignore # pylint: disable=unused-import
 
 from ._patch import __all__ as _patch_all
 from ._patch import *
 from ._patch import patch_sdk as _patch_sdk
 
-__all__ = [
-    "SecurityDomainClientOperationsMixin",
-]
+__all__ = []
 __all__.extend([p for p in _patch_all if p not in __all__])  # pyright: ignore
 _patch_sdk()
@@ -8,7 +8,7 @@
 from collections.abc import MutableMapping
 from io import IOBase
 import json
-from typing import Any, Callable, Dict, IO, Iterator, Optional, TypeVar, Union, cast, overload
+from typing import Any, Callable, IO, Iterator, Optional, TypeVar, Union, cast, overload
 
 from azure.core import PipelineClient
 from azure.core.exceptions import (
@@ -36,7 +36,7 @@
 
 JSON = MutableMapping[str, Any]
 T = TypeVar("T")
-ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]]
+ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, dict[str, Any]], Any]]
 
 _SERIALIZER = Serializer()
 _SERIALIZER.client_side_validation = False
@@ -46,7 +46,7 @@ def build_security_domain_get_download_status_request(**kwargs: Any) -> HttpRequ
     _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {})
     _params = case_insensitive_dict(kwargs.pop("params", {}) or {})
 
-    api_version: str = kwargs.pop("api_version", _params.pop("api-version", "7.5"))
+    api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2025-07-01"))
     accept = _headers.pop("Accept", "application/json")
 
     # Construct URL
@@ -66,7 +66,7 @@ def build_security_domain_download_request(**kwargs: Any) -> HttpRequest:
     _params = case_insensitive_dict(kwargs.pop("params", {}) or {})
 
     content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None))
-    api_version: str = kwargs.pop("api_version", _params.pop("api-version", "7.5"))
+    api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2025-07-01"))
     accept = _headers.pop("Accept", "application/json")
 
     # Construct URL
@@ -87,7 +87,7 @@ def build_security_domain_get_upload_status_request(**kwargs: Any) -> HttpReques
     _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {})
     _params = case_insensitive_dict(kwargs.pop("params", {}) or {})
 
-    api_version: str = kwargs.pop("api_version", _params.pop("api-version", "7.5"))
+    api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2025-07-01"))
     accept = _headers.pop("Accept", "application/json")
 
     # Construct URL
@@ -107,7 +107,7 @@ def build_security_domain_upload_request(**kwargs: Any) -> HttpRequest:
     _params = case_insensitive_dict(kwargs.pop("params", {}) or {})
 
     content_type: Optional[str] = kwargs.pop("content_type", _headers.pop("Content-Type", None))
-    api_version: str = kwargs.pop("api_version", _params.pop("api-version", "7.5"))
+    api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2025-07-01"))
     accept = _headers.pop("Accept", "application/json")
 
     # Construct URL
@@ -128,7 +128,7 @@ def build_security_domain_get_transfer_key_request(**kwargs: Any) -> HttpRequest
     _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {})
     _params = case_insensitive_dict(kwargs.pop("params", {}) or {})
 
-    api_version: str = kwargs.pop("api_version", _params.pop("api-version", "7.5"))
+    api_version: str = kwargs.pop("api_version", _params.pop("api-version", "2025-07-01"))
     accept = _headers.pop("Accept", "application/json")
 
     # Construct URL
@@ -143,7 +143,9 @@ def build_security_domain_get_transfer_key_request(**kwargs: Any) -> HttpRequest
     return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs)
 
 
-class SecurityDomainClientOperationsMixin(ClientMixinABC[PipelineClient, SecurityDomainClientConfiguration]):
+class _SecurityDomainClientOperationsMixin(
+    ClientMixinABC[PipelineClient[HttpRequest, HttpResponse], SecurityDomainClientConfiguration]
+):
 
     @distributed_trace
     def get_download_status(self, **kwargs: Any) -> _models.SecurityDomainOperationStatus:
@@ -179,6 +181,7 @@ def get_download_status(self, **kwargs: Any) -> _models.SecurityDomainOperationS
         }
         _request.url = self._client.format_url(_request.url, **path_format_arguments)
 
+        _decompress = kwargs.pop("decompress", True)
         _stream = kwargs.pop("stream", False)
         pipeline_response: PipelineResponse = self._client._pipeline.run(  # pylint: disable=protected-access
             _request, stream=_stream, **kwargs
@@ -193,11 +196,14 @@ def get_download_status(self, **kwargs: Any) -> _models.SecurityDomainOperationS
                 except (StreamConsumedError, StreamClosedError):
                     pass
             map_error(status_code=response.status_code, response=response, error_map=error_map)
-            error = _failsafe_deserialize(_models.KeyVaultError, response.json())
+            error = _failsafe_deserialize(
+                _models.KeyVaultError,
+                response,
+            )
             raise HttpResponseError(response=response, model=error)
 
         if _stream:
-            deserialized = response.iter_bytes()
+            deserialized = response.iter_bytes() if _decompress else response.iter_raw()
         else:
             deserialized = _deserialize(_models.SecurityDomainOperationStatus, response.json())
 
@@ -244,6 +250,7 @@ def _download_initial(
         }
         _request.url = self._client.format_url(_request.url, **path_format_arguments)
 
+        _decompress = kwargs.pop("decompress", True)
         _stream = True
         pipeline_response: PipelineResponse = self._client._pipeline.run(  # pylint: disable=protected-access
             _request, stream=_stream, **kwargs
@@ -257,7 +264,10 @@ def _download_initial(
             except (StreamConsumedError, StreamClosedError):
                 pass
             map_error(status_code=response.status_code, response=response, error_map=error_map)
-            error = _failsafe_deserialize(_models.KeyVaultError, response.json())
+            error = _failsafe_deserialize(
+                _models.KeyVaultError,
+                response,
+            )
             raise HttpResponseError(response=response, model=error)
 
         response_headers = {}
@@ -266,7 +276,7 @@ def _download_initial(
         )
         response_headers["Retry-After"] = self._deserialize("int", response.headers.get("Retry-After"))
 
-        deserialized = response.iter_bytes()
+        deserialized = response.iter_bytes() if _decompress else response.iter_raw()
 
         if cls:
             return cls(pipeline_response, deserialized, response_headers)  # type: ignore
@@ -383,6 +393,7 @@ def get_upload_status(self, **kwargs: Any) -> _models.SecurityDomainOperationSta
         }
         _request.url = self._client.format_url(_request.url, **path_format_arguments)
 
+        _decompress = kwargs.pop("decompress", True)
         _stream = kwargs.pop("stream", False)
         pipeline_response: PipelineResponse = self._client._pipeline.run(  # pylint: disable=protected-access
             _request, stream=_stream, **kwargs
@@ -397,11 +408,14 @@ def get_upload_status(self, **kwargs: Any) -> _models.SecurityDomainOperationSta
                 except (StreamConsumedError, StreamClosedError):
                     pass
             map_error(status_code=response.status_code, response=response, error_map=error_map)
-            error = _failsafe_deserialize(_models.KeyVaultError, response.json())
+            error = _failsafe_deserialize(
+                _models.KeyVaultError,
+                response,
+            )
             raise HttpResponseError(response=response, model=error)
 
         if _stream:
-            deserialized = response.iter_bytes()
+            deserialized = response.iter_bytes() if _decompress else response.iter_raw()
         else:
             deserialized = _deserialize(_models.SecurityDomainOperationStatus, response.json())
 
@@ -448,6 +462,7 @@ def _upload_initial(
         }
         _request.url = self._client.format_url(_request.url, **path_format_arguments)
 
+        _decompress = kwargs.pop("decompress", True)
         _stream = True
         pipeline_response: PipelineResponse = self._client._pipeline.run(  # pylint: disable=protected-access
             _request, stream=_stream, **kwargs
@@ -461,7 +476,10 @@ def _upload_initial(
             except (StreamConsumedError, StreamClosedError):
                 pass
             map_error(status_code=response.status_code, response=response, error_map=error_map)
-            error = _failsafe_deserialize(_models.KeyVaultError, response.json())
+            error = _failsafe_deserialize(
+                _models.KeyVaultError,
+                response,
+            )
             raise HttpResponseError(response=response, model=error)
 
         response_headers = {}
@@ -471,7 +489,7 @@ def _upload_initial(
             )
             response_headers["Retry-After"] = self._deserialize("int", response.headers.get("Retry-After"))
 
-        deserialized = response.iter_bytes()
+        deserialized = response.iter_bytes() if _decompress else response.iter_raw()
 
         if cls:
             return cls(pipeline_response, deserialized, response_headers)  # type: ignore
@@ -598,6 +616,7 @@ def get_transfer_key(self, **kwargs: Any) -> _models.TransferKey:
         }
         _request.url = self._client.format_url(_request.url, **path_format_arguments)
 
+        _decompress = kwargs.pop("decompress", True)
         _stream = kwargs.pop("stream", False)
         pipeline_response: PipelineResponse = self._client._pipeline.run(  # pylint: disable=protected-access
             _request, stream=_stream, **kwargs
@@ -612,11 +631,14 @@ def get_transfer_key(self, **kwargs: Any) -> _models.TransferKey:
                 except (StreamConsumedError, StreamClosedError):
                     pass
             map_error(status_code=response.status_code, response=response, error_map=error_map)
-            error = _failsafe_deserialize(_models.KeyVaultError, response.json())
+            error = _failsafe_deserialize(
+                _models.KeyVaultError,
+                response,
+            )
             raise HttpResponseError(response=response, model=error)
 
         if _stream:
-            deserialized = response.iter_bytes()
+            deserialized = response.iter_bytes() if _decompress else response.iter_raw()
         else:
             deserialized = _deserialize(_models.TransferKey, response.json())
 

@@ -1,3 +1,4 @@
+# pylint: disable=line-too-long,useless-suppression
 # coding=utf-8
 # --------------------------------------------------------------------------
 # Copyright (c) Microsoft Corporation. All rights reserved.
@@ -43,10 +44,12 @@ class ApiVersion(str, Enum, metaclass=CaseInsensitiveEnumMeta):
     """Key Vault API versions supported by this package"""
 
     #: this is the default version
+    V2025_07_01 = "2025-07-01"
+    V7_6 = "7.6"
     V7_5 = "7.5"
 
 
-DEFAULT_VERSION = ApiVersion.V7_5
+DEFAULT_VERSION = ApiVersion.V2025_07_01
 
 _SERIALIZER = Serializer()
 _SERIALIZER.client_side_validation = False
@@ -90,7 +93,7 @@ class SecurityDomainClient(KeyVaultClient):
         :mod:`azure.identity`
     :type credential: ~azure.core.credentials.TokenCredential
 
-    :keyword str api_version: The API version to use for this operation. Default value is "7.5". Note that overriding
+    :keyword str api_version: The API version to use for this operation. Default value is "2025-07-01". Note that overriding
         this default value may result in unsupported behavior.
     :keyword bool verify_challenge_resource: Whether to verify the authentication challenge resource matches the Key
         Vault or Managed HSM domain. Defaults to True.