From e5d2a3cd0fbbcd44da39d7833f30c48b091ff4db Mon Sep 17 00:00:00 2001 From: Santosh Kulkarni <66682828+kr-santosh@users.noreply.github.com> Date: Thu, 29 Dec 2022 19:04:57 +0530 Subject: [PATCH 1/8] Check if the key vault uri provided is a valid Kid --- .../src/EncryptionDatabaseExtensions.cs | 22 +++++++ .../tests/EmulatorTests/MdeEncryptionTests.cs | 63 +++++++++++++++++++ 2 files changed, 85 insertions(+)
diff --git a/Microsoft.Azure.Cosmos.Encryption/src/EncryptionDatabaseExtensions.cs b/Microsoft.Azure.Cosmos.Encryption/src/EncryptionDatabaseExtensions.cs
index 47a68b38ae..da12f3faa2 100644
--- a/Microsoft.Azure.Cosmos.Encryption/src/EncryptionDatabaseExtensions.cs
+++ b/Microsoft.Azure.Cosmos.Encryption/src/EncryptionDatabaseExtensions.cs
@@ -91,6 +91,17 @@ public static async Task CreateClientEncryptionKeyA + " Please refer to https://aka.ms/CosmosClientEncryption for more details.");
}
+ if (string.Equals(encryptionCosmosClient.KeyEncryptionKeyResolverName, KeyEncryptionKeyResolverName.AzureKeyVault))
+ {
+ // https://KEYVAULTNAME.vault.azure.net/keys/KEYNAME/ID
+ string[] keyVaultUriSegments = new Uri(encryptionKeyWrapMetadata.Value).Segments;
+
+ if (keyVaultUriSegments.Length != 4 || !string.Equals(keyVaultUriSegments[1], "keys/", StringComparison.InvariantCultureIgnoreCase))
+ {
+ throw new ArgumentException($"Invalid key vault uri'{encryptionKeyWrapMetadata.Value}' passed. Pass the complete Azure keyvault key identifier. Please refer to https://aka.ms/CosmosClientEncryption for more details.");
+ }
+ }
+
KeyEncryptionKey keyEncryptionKey = KeyEncryptionKey.GetOrCreate(
encryptionKeyWrapMetadata.Name,
encryptionKeyWrapMetadata.Value,
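Review bot: `new Uri(encryptionKeyWrapMetadata.Value)` in the added block throws `UriFormatException` (or `ArgumentNullException` for a null value) on a malformed identifier, so only the well-formed-but-incomplete case reaches the `ArgumentException` the message tells the caller to expect; folding `Uri.TryCreate(value, UriKind.Absolute, out Uri uri)` into the same condition gives one exception type for every bad input. The same ten lines are duplicated verbatim in the `RewrapClientEncryptionKeyAsync` hunk that follows (with `newEncryptionKeyWrapMetadata`), so a private static helper would keep the two checks in step, and both messages currently read `uri'{...}'` with no space before the quote. Path segments are not culture-sensitive text, so `StringComparison.OrdinalIgnoreCase` is the right comparison for `"keys/"` (CA1309), and since the purpose of the check is that the resolver can pin a specific key version, it is probably worth also confirming `uri.Scheme` is https rather than relying on segment count alone. Both enclosing methods start outside their hunks.
```csharp
if (string.Equals(encryptionCosmosClient.KeyEncryptionKeyResolverName, KeyEncryptionKeyResolverName.AzureKeyVault))
{
    ThrowIfNotKeyVaultKeyIdentifier(encryptionKeyWrapMetadata.Value);
}

// … unchanged: KeyEncryptionKey.GetOrCreate(...) and the rest of the method …

/// <summary>
/// Rejects any value that is not a complete Azure Key Vault key identifier,
/// i.e. https://KEYVAULTNAME.vault.azure.net/keys/KEYNAME/KEYVERSION.
/// </summary>
/// <param name="keyVaultKeyUri">The wrap-metadata value to validate.</param>
/// <exception cref="ArgumentException">The value is not an absolute https URI whose path is exactly /keys/{name}/{version}.</exception>
private static void ThrowIfNotKeyVaultKeyIdentifier(string keyVaultKeyUri)
{
    // TryCreate keeps malformed or null input on the same ArgumentException path as an incomplete identifier.
    if (!Uri.TryCreate(keyVaultKeyUri, UriKind.Absolute, out Uri uri)
        || !string.Equals(uri.Scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase)
        || uri.Segments.Length != 4
        || !string.Equals(uri.Segments[1], "keys/", StringComparison.OrdinalIgnoreCase))
    {
        throw new ArgumentException($"Invalid key vault uri '{keyVaultKeyUri}' passed. Pass the complete Azure keyvault key identifier. Please refer to https://aka.ms/CosmosClientEncryption for more details.");
    }
}
```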
@@ -192,6 +203,17 @@ public static async Task RewrapClientEncryptionKeyA + " Please refer to https://aka.ms/CosmosClientEncryption for more details.");
}
+ if (string.Equals(encryptionCosmosClient.KeyEncryptionKeyResolverName, KeyEncryptionKeyResolverName.AzureKeyVault))
+ {
+ // https://KEYVAULTNAME.vault.azure.net/keys/KEYNAME/ID
+ string[] keyVaultUriSegments = new Uri(newEncryptionKeyWrapMetadata.Value).Segments;
+
+ if (keyVaultUriSegments.Length != 4 || !string.Equals(keyVaultUriSegments[1], "keys/", StringComparison.InvariantCultureIgnoreCase))
+ {
+ throw new ArgumentException($"Invalid key vault uri'{newEncryptionKeyWrapMetadata.Value}' passed. Pass the complete Azure keyvault key identifier. Please refer to https://aka.ms/CosmosClientEncryption for more details.");
+ }
+ }
+
ClientEncryptionKeyProperties clientEncryptionKeyProperties = await clientEncryptionKey.ReadAsync(cancellationToken: cancellationToken);
RequestOptions requestOptions = new RequestOptions
diff --git a/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs b/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs
index 6ab6d8c333..b7ffd6789e 100644
--- a/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs
+++ b/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs
@@ -296,6 +296,69 @@ await MdeEncryptionTests.CreateClientEncryptionKeyAsync( if (ex is CosmosException cosmosException) Assert.AreEqual(HttpStatusCode.Conflict, cosmosException.StatusCode);
}
+
+ cekId = "testAkvKid";
+ CosmosClient client = TestCommon.CreateCosmosClient();
+ TestKeyEncryptionKeyResolver testKeyEncryptionKeyResolver = new TestKeyEncryptionKeyResolver();
+
+ EncryptionKeyWrapMetadata metadata = MdeEncryptionTests.CreateEncryptionKeyWrapMetadata(KeyEncryptionKeyResolverName.AzureKeyVault, "key1", "https://testkeyvault.vault.azure.net/keys/testkey/12345678");
+
+ CosmosClient encryptionCosmosClient = client.WithEncryption(
+ testKeyEncryptionKeyResolver,
+ KeyEncryptionKeyResolverName.AzureKeyVault,
+ TimeSpan.Zero);
+
+ Database database = await encryptionCosmosClient.CreateDatabaseAsync(Guid.NewGuid().ToString());
+
+ ClientEncryptionKeyResponse clientEncrytionKeyResponse = await database.CreateClientEncryptionKeyAsync(
+ cekId,
+ DataEncryptionAlgorithm.AeadAes256CbcHmacSha256,
+ metadata);
+
+ Assert.AreEqual(HttpStatusCode.Created, clientEncrytionKeyResponse.StatusCode);
+
+ metadata = MdeEncryptionTests.CreateEncryptionKeyWrapMetadata(KeyEncryptionKeyResolverName.AzureKeyVault, "key1", "https://testkeyvault.vault.azure.net/keys/testkey/9101112");
+
+ clientEncrytionKeyResponse = await database.RewrapClientEncryptionKeyAsync(
+ cekId,
+ metadata);
+
+ Assert.AreEqual(HttpStatusCode.OK, clientEncrytionKeyResponse.StatusCode);
+
+ // complete key identifier not passed
+ metadata = MdeEncryptionTests.CreateEncryptionKeyWrapMetadata(KeyEncryptionKeyResolverName.AzureKeyVault, "key1", "https://testkeyvault.vault.azure.net/keys/testkey");
+
+ try
+ {
+ clientEncrytionKeyResponse = await database.CreateClientEncryptionKeyAsync(
+ cekId,
+ DataEncryptionAlgorithm.AeadAes256CbcHmacSha256,
+ metadata);
+
+ Assert.Fail("Key creation should have failed.");
+
+ }
+ catch(Exception ex)
+ {
+ Assert.AreEqual(ex.Message.Contains("Invalid key vault uri"), true);
+ } + + // rewrap old key with new key vault uri without complete key identifier + try + { + clientEncrytionKeyResponse = await database.RewrapClientEncryptionKeyAsync( + cekId, + metadata); + + Assert.Fail("Key rewrap should have failed."); + + } + catch (Exception ex) + { + Assert.AreEqual(ex.Message.Contains("Invalid key vault uri"), true); + } + + encryptionCosmosClient.Dispose(); } [TestMethod] From 607a71a7ba7b14554d813d5419ccea550020a991 Mon Sep 17 00:00:00 2001 From: Santosh Kulkarni <66682828+kr-santosh@users.noreply.github.com> Date: Wed, 4 Jan 2023 11:22:24 +0530 Subject: [PATCH 2/8] test fix. --- .../src/Microsoft.Azure.Cosmos.Encryption.csproj | 4 ++-- .../tests/EmulatorTests/MdeEncryptionTests.cs | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Microsoft.Azure.Cosmos.Encryption/src/Microsoft.Azure.Cosmos.Encryption.csproj b/Microsoft.Azure.Cosmos.Encryption/src/Microsoft.Azure.Cosmos.Encryption.csproj index 6aa1f85932..5c687cf6a7 100644 --- a/Microsoft.Azure.Cosmos.Encryption/src/Microsoft.Azure.Cosmos.Encryption.csproj +++ b/Microsoft.Azure.Cosmos.Encryption/src/Microsoft.Azure.Cosmos.Encryption.csproj @@ -28,11 +28,11 @@ - + - + diff --git a/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs b/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs index b7ffd6789e..722dee3210 100644 --- a/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs +++ b/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs @@ -340,7 +340,7 @@ await MdeEncryptionTests.CreateClientEncryptionKeyAsync( } catch(Exception ex) { - Assert.AreEqual(ex.Message.Contains("Invalid key vault uri"), true); + Assert.AreEqual(true, ex.Message.Contains("Invalid key vault uri")); } // rewrap old key with new key vault uri without complete key identifier 
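Review bot: The two negative cases at the end of the test catch bare `Exception` and only check that the message contains a substring, so a `UriFormatException`, a `NullReferenceException` or a failed emulator call whose text happens to match would also pass, and the `Assert.Fail` inside each `try` is itself swallowed by that `catch` and surfaces as a message mismatch rather than the intended failure. Pinning the type makes the test assert the contract the source change introduces: `ArgumentException ex = await Assert.ThrowsExceptionAsync<ArgumentException>(() => database.CreateClientEncryptionKeyAsync(cekId, DataEncryptionAlgorithm.AeadAes256CbcHmacSha256, metadata));` followed by `StringAssert.Contains(ex.Message, "Invalid key vault uri");`, and the same shape for the rewrap call. `encryptionCosmosClient.Dispose()` runs only on the success path and the database created by `CreateDatabaseAsync` is never deleted, so any failing assertion leaks both against the emulator; a `try`/`finally` (or `using` on the client plus `database.DeleteAsync()`) would clean up regardless of outcome. The enclosing test method starts before the hunk.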
@@ -355,7 +355,7 @@ await MdeEncryptionTests.CreateClientEncryptionKeyAsync( } catch (Exception ex) { - Assert.AreEqual(ex.Message.Contains("Invalid key vault uri"), true); + Assert.AreEqual(true, ex.Message.Contains("Invalid key vault uri")); } encryptionCosmosClient.Dispose(); From 6d24f23176d634420add056cf38b51de574bed50 Mon Sep 17 00:00:00 2001 From: Santosh Kulkarni <66682828+kr-santosh@users.noreply.github.com> Date: Wed, 11 Jan 2023 17:46:07 +0530 Subject: [PATCH 3/8] update changelog and build props --- Directory.Build.props | 4 ++-- Microsoft.Azure.Cosmos.Encryption/changelog.md | 10 ++++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/Directory.Build.props b/Directory.Build.props index 651e1f89e5..5cfee5917a 100644 --- a/Directory.Build.props +++ b/Directory.Build.props @@ -5,9 +5,9 @@ 3.31.2 preview 3.29.4 - 2.0.0 + 2.0.1 2.0.0 - preview + preview02 1.0.0-preview04 1.1.0-preview3 10.0 diff --git a/Microsoft.Azure.Cosmos.Encryption/changelog.md b/Microsoft.Azure.Cosmos.Encryption/changelog.md index e3274bce7e..74db71b965 100644 --- a/Microsoft.Azure.Cosmos.Encryption/changelog.md +++ b/Microsoft.Azure.Cosmos.Encryption/changelog.md 
@@ -3,6 +3,16 @@ Preview features are treated as a separate branch and will not be included in th The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +### [2.0.1](https://www.nuget.org/packages/Microsoft.Azure.Cosmos.Encryption/2.0.1) - 2023-03-11 + +#### Added +- [#3642](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/3642) Adds validation code to check if the Key Vault URI provided in wrap metadata is a valid key identifier. + +### [2.0.0-preview02](https://www.nuget.org/packages/Microsoft.Azure.Cosmos.Encryption/2.0.0-preview02) - 2023-01-11 + +#### Added +- [#3642](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/3642) Adds validation code to check if the Key Vault URI provided in wrap metadata is a valid key identifier. + ### [2.0.0](https://www.nuget.org/packages/Microsoft.Azure.Cosmos.Encryption/2.0.0) - 2022-06-28 #### Added From 72d33b66d4d3383f4c5861c24fa9537dd226d20a Mon Sep 17 00:00:00 2001 From: Santosh Kulkarni <66682828+kr-santosh@users.noreply.github.com> Date: Thu, 12 Jan 2023 12:49:47 +0530 Subject: [PATCH 4/8] Update Directory.Build.props --- Directory.Build.props | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Directory.Build.props b/Directory.Build.props index 5cfee5917a..2826ef3905 100644 --- a/Directory.Build.props +++ b/Directory.Build.props @@ -4,7 +4,7 @@ 3.31.2 3.31.2 preview - 3.29.4 + 3.30.0 2.0.1 2.0.0 preview02 From bb1bebf9aa5a0a84d8b6c3f7410d1088648fd1aa Mon Sep 17 00:00:00 2001 From: Santosh Kulkarni <66682828+kr-santosh@users.noreply.github.com> Date: Fri, 13 Jan 2023 12:36:13 +0530 Subject: [PATCH 5/8] Update Microsoft.Azure.Cosmos.Encryption.csproj --- .../src/Microsoft.Azure.Cosmos.Encryption.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Microsoft.Azure.Cosmos.Encryption/src/Microsoft.Azure.Cosmos.Encryption.csproj b/Microsoft.Azure.Cosmos.Encryption/src/Microsoft.Azure.Cosmos.Encryption.csproj index 5c687cf6a7..9fe41b765f 100644 --- a/Microsoft.Azure.Cosmos.Encryption/src/Microsoft.Azure.Cosmos.Encryption.csproj +++ b/Microsoft.Azure.Cosmos.Encryption/src/Microsoft.Azure.Cosmos.Encryption.csproj @@ -28,7 +28,7 @@ - + From 4618dd79d9ff67ebac6b65bb6db601bd791d65d9 Mon Sep 17 00:00:00 2001 From: Santosh Kulkarni <66682828+kr-santosh@users.noreply.github.com> Date: Mon, 16 Jan 2023 08:21:46 +0530 Subject: [PATCH 6/8] Fixed preview version --- Directory.Build.props | 4 ++-- Microsoft.Azure.Cosmos.Encryption/changelog.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Directory.Build.props b/Directory.Build.props index 2826ef3905..0df6801985 100644 --- a/Directory.Build.props +++ b/Directory.Build.props @@ -6,8 +6,8 @@ preview 3.30.0 2.0.1 - 2.0.0 - preview02 + 2.0.1 + preview 1.0.0-preview04 1.1.0-preview3 10.0 diff --git a/Microsoft.Azure.Cosmos.Encryption/changelog.md b/Microsoft.Azure.Cosmos.Encryption/changelog.md index 74db71b965..a5e7101074 100644 --- a/Microsoft.Azure.Cosmos.Encryption/changelog.md +++ b/Microsoft.Azure.Cosmos.Encryption/changelog.md @@ -8,7 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 #### Added - [#3642](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/3642) Adds validation code to check if the Key Vault URI provided in wrap metadata is a valid key identifier. -### [2.0.0-preview02](https://www.nuget.org/packages/Microsoft.Azure.Cosmos.Encryption/2.0.0-preview02) - 2023-01-11 +### [2.0.1-preview](https://www.nuget.org/packages/Microsoft.Azure.Cosmos.Encryption/2.0.1-preview) - 2023-01-11 #### Added - [#3642](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/3642) Adds validation code to check if the Key Vault URI provided in wrap metadata is a valid key identifier. 
From 1a44a9cac8a6d8589c1fc82dddec8d481c7cf58c Mon Sep 17 00:00:00 2001 From: Santosh Kulkarni <66682828+kr-santosh@users.noreply.github.com> Date: Mon, 16 Jan 2023 11:06:56 +0530 Subject: [PATCH 7/8] Refactor --- .../src/EncryptionDatabaseExtensions.cs | 4 ++-- .../tests/EmulatorTests/MdeEncryptionTests.cs | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Microsoft.Azure.Cosmos.Encryption/src/EncryptionDatabaseExtensions.cs b/Microsoft.Azure.Cosmos.Encryption/src/EncryptionDatabaseExtensions.cs
index da12f3faa2..d60b7e1589 100644
--- a/Microsoft.Azure.Cosmos.Encryption/src/EncryptionDatabaseExtensions.cs
+++ b/Microsoft.Azure.Cosmos.Encryption/src/EncryptionDatabaseExtensions.cs
@@ -98,7 +98,7 @@ public static async Task CreateClientEncryptionKeyA if (keyVaultUriSegments.Length != 4 || !string.Equals(keyVaultUriSegments[1], "keys/", StringComparison.InvariantCultureIgnoreCase)) {
- throw new ArgumentException($"Invalid key vault uri'{encryptionKeyWrapMetadata.Value}' passed. Pass the complete Azure keyvault key identifier. Please refer to https://aka.ms/CosmosClientEncryption for more details.");
+ throw new ArgumentException($"Invalid Key Vault URI'{encryptionKeyWrapMetadata.Value}' passed. Pass the complete Azure keyvault key identifier. Please refer to https://aka.ms/CosmosClientEncryption for more details.");
}
}
@@ -210,7 +210,7 @@ public static async Task RewrapClientEncryptionKeyA if (keyVaultUriSegments.Length != 4 || !string.Equals(keyVaultUriSegments[1], "keys/", StringComparison.InvariantCultureIgnoreCase)) {
- throw new ArgumentException($"Invalid key vault uri'{newEncryptionKeyWrapMetadata.Value}' passed. Pass the complete Azure keyvault key identifier. Please refer to https://aka.ms/CosmosClientEncryption for more details.");
+ throw new ArgumentException($"Invalid Key Vault URI'{newEncryptionKeyWrapMetadata.Value}' passed. Pass the complete Azure keyvault key identifier. Please refer to https://aka.ms/CosmosClientEncryption for more details.");
}
}
diff --git a/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs b/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs
index 722dee3210..65efd425aa 100644
--- a/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs
+++ b/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs
@@ -340,7 +340,7 @@ await MdeEncryptionTests.CreateClientEncryptionKeyAsync( } catch(Exception ex) {
- Assert.AreEqual(true, ex.Message.Contains("Invalid key vault uri"));
+ Assert.AreEqual(true, ex.Message.Contains("Invalid Key Vault URI"));
}
// rewrap old key with new key vault uri without complete key identifier
@@ -355,7 +355,7 @@ await MdeEncryptionTests.CreateClientEncryptionKeyAsync( } catch (Exception ex) {
- Assert.AreEqual(true, ex.Message.Contains("Invalid key vault uri"));
+ Assert.AreEqual(true, ex.Message.Contains("Invalid Key Vault URI"));
}
encryptionCosmosClient.Dispose();
From 2c1c6d12c1caf28b4fdc59070d3a2020c4b75361 Mon Sep 17 00:00:00 2001 From: Santosh Kulkarni <66682828+kr-santosh@users.noreply.github.com> Date: Mon, 16 Jan 2023 11:09:40 +0530 Subject: [PATCH 8/8] Update EncryptionDatabaseExtensions.cs --- .../src/EncryptionDatabaseExtensions.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Microsoft.Azure.Cosmos.Encryption/src/EncryptionDatabaseExtensions.cs b/Microsoft.Azure.Cosmos.Encryption/src/EncryptionDatabaseExtensions.cs
index d60b7e1589..f867921946 100644
--- a/Microsoft.Azure.Cosmos.Encryption/src/EncryptionDatabaseExtensions.cs
+++ b/Microsoft.Azure.Cosmos.Encryption/src/EncryptionDatabaseExtensions.cs
@@ -93,7 +93,7 @@ public static async Task CreateClientEncryptionKeyA if (string.Equals(encryptionCosmosClient.KeyEncryptionKeyResolverName, KeyEncryptionKeyResolverName.AzureKeyVault)) {
- // https://KEYVAULTNAME.vault.azure.net/keys/KEYNAME/ID
+ // https://KEYVAULTNAME.vault.azure.net/keys/KEYNAME/KEYVERSION
string[] keyVaultUriSegments = new Uri(encryptionKeyWrapMetadata.Value).Segments;
if (keyVaultUriSegments.Length != 4 || !string.Equals(keyVaultUriSegments[1], "keys/", StringComparison.InvariantCultureIgnoreCase))
@@ -205,7 +205,7 @@ public static async Task RewrapClientEncryptionKeyA if (string.Equals(encryptionCosmosClient.KeyEncryptionKeyResolverName, KeyEncryptionKeyResolverName.AzureKeyVault)) {
- // https://KEYVAULTNAME.vault.azure.net/keys/KEYNAME/ID
+ // https://KEYVAULTNAME.vault.azure.net/keys/KEYNAME/KEYVERSION
string[] keyVaultUriSegments = new Uri(newEncryptionKeyWrapMetadata.Value).Segments;
if (keyVaultUriSegments.Length != 4 || !string.Equals(keyVaultUriSegments[1], "keys/", StringComparison.InvariantCultureIgnoreCase))