diff --git a/go.mod b/go.mod
index e971c6121..732d2c273 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.19
 require (
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.3
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0
- github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.7.1
+ github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.11.0
 github.com/Masterminds/semver v1.5.0
 github.com/Microsoft/go-winio v0.4.17
 github.com/Microsoft/hcsshim v0.8.23
@@ -54,7 +54,7 @@ require (
 require (
 code.cloudfoundry.org/clock v1.0.0 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
- github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0 // indirect
 github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/cespare/xxhash/v2 v2.1.2 // indirect
diff --git a/go.sum b/go.sum
index 508cc183b..fa0f96803 100644
--- a/go.sum
+++ b/go.sum
@@ -47,10 +47,10 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 h1:QkAcEIAKbNL4KoFr4Sath
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0/go.mod h1:bhXu1AjYL+wutSL/kpSq6s7733q2Rb0yuot9Zgfqa/0=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 h1:jp0dGvZ7ZK0mgqnTSClMxa5xuRL7NZgHameVYF6BurY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.7.1 h1:X7FHRMKr0u5YiPnD6L/nqG64XBOcK0IYavhAHBQEmms=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.7.1/go.mod h1:WcC2Tk6JyRlqjn2byvinNnZzgdXmZ1tOiIOWNh1u0uA=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0 h1:9cn6ICCGiWFNA/slKnrkf+ENyvaCRKHtuoGtnLIAgao=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.11.0 h1:82w8tzLcOwDP/Q35j/wEBPt0n0kVC3cjtPdD62G8UAk=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.11.0/go.mod h1:S78i9yTr4o/nXlH76bKjGUye9Z2wSxO5Tz7GoDr4vfI=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0 h1:Lg6BW0VPmCwcMlvOviL3ruHFO+H9tZNqscK0AeuFjGM=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
diff --git a/keyvault/shim.go b/keyvault/shim.go
index 3a48087eb..a85033722 100644
--- a/keyvault/shim.go
+++ b/keyvault/shim.go
@@ -24,7 +24,7 @@ const (
 )
 
 type secretFetcher interface {
- GetSecret(ctx context.Context, secretName string, opts *azsecrets.GetSecretOptions) (azsecrets.GetSecretResponse, error)
+ GetSecret(ctx context.Context, secretName, version string, opts *azsecrets.GetSecretOptions) (azsecrets.GetSecretResponse, error)
 }
 
 // Shim provides convenience methods for working with KeyVault.
@@ -45,12 +45,12 @@ func NewShim(vaultURL string, cred azcore.TokenCredential) (*Shim, error) {
 
 // GetLatestTLSCertificate fetches the latest version of a keyvault certificate and transforms it into a usable tls.Certificate.
 func (s *Shim) GetLatestTLSCertificate(ctx context.Context, certName string) (tls.Certificate, error) {
- resp, err := s.sf.GetSecret(ctx, certName, nil)
+ resp, err := s.sf.GetSecret(ctx, certName, "", nil)
 if err != nil {
 return tls.Certificate{}, errors.Wrap(err, "could not get secret")
 }
 
- pemBlocks, err := getPEMBlocks(*resp.Properties.ContentType, *resp.Value)
+ pemBlocks, err := getPEMBlocks(*resp.ContentType, *resp.Value)
 if err != nil {
 return tls.Certificate{}, errors.Wrap(err, "could not get pem blocks")
 }
diff --git a/keyvault/shim_test.go b/keyvault/shim_test.go
index 3c2551574..7b7ca1807 100644
--- a/keyvault/shim_test.go
+++ b/keyvault/shim_test.go
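Review bot: In GetLatestTLSCertificate (keyvault/shim.go), the new call `getPEMBlocks(*resp.ContentType, *resp.Value)` dereferences two pointer fields of the response without a nil check. If the vault returns a secret with no content type or value set, the process would panic instead of returning an error. A guard before the call keeps that case on the error path: `if resp.ContentType == nil || resp.Value == nil { return tls.Certificate{}, errors.New("secret is missing content type or value") }`. The empty string passed as the new `version` argument presumably selects the latest version, so a call-site comment such as `// "" requests the latest version` would make the intent explicit. The function body continues past the end of the hunk.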
@@ -50,19 +50,17 @@ func newFakeSecretFetcher(certPath, contentType string) *fakeSecretFetcher {
 return &fakeSecretFetcher{certPath: certPath, contentType: contentType}
 }
 
-func (f *fakeSecretFetcher) GetSecret(_ context.Context, _ string, _ *azsecrets.GetSecretOptions) (azsecrets.GetSecretResponse, error) {
+func (f *fakeSecretFetcher) GetSecret(_ context.Context, _, _ string, _ *azsecrets.GetSecretOptions) (azsecrets.GetSecretResponse, error) {
 bs, err := os.ReadFile(f.certPath)
 if err != nil {
 return azsecrets.GetSecretResponse{}, errors.Wrap(err, "could not read file")
 }
-
 v := string(bs)
 resp := azsecrets.GetSecretResponse{
- Secret: azsecrets.Secret{
- Properties: &azsecrets.Properties{ContentType: &f.contentType},
- Value: &v,
+ SecretBundle: azsecrets.SecretBundle{
+ ContentType: &f.contentType,
+ Value: &v,
 },
 }
-
 return resp, nil
 }
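Review bot: The fake `GetSecret` in keyvault/shim_test.go discards the new version argument (`_, _ string`), so nothing visible here pins that GetLatestTLSCertificate requests the latest version rather than a fixed one. Naming the parameter and recording it, for example `f.gotVersion = version` with a matching `gotVersion string` field on the fake (the struct is declared outside this hunk), would let a test assert that it is empty. The fake also always sets both `ContentType` and `Value`, so the shim's handling of a response missing either field is not exercised. A case that returns an empty `azsecrets.SecretBundle{}` would cover that path.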