From ab05d26f0b94229daf081cd41d120e223f857c6c Mon Sep 17 00:00:00 2001
From: Yuya Ebihara <ebyhry@gmail.com>
Date: Fri, 1 May 2026 14:36:54 +0900
Subject: [PATCH 1/2] Azure: Avoid depending on KeyWrapAlgorithm in
 AzureProperties

---
 .../java/org/apache/iceberg/azure/AzureProperties.java   | 9 +++------
 .../azure/keymanagement/AzureKeyManagementClient.java    | 3 ++-
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/azure/src/main/java/org/apache/iceberg/azure/AzureProperties.java b/azure/src/main/java/org/apache/iceberg/azure/AzureProperties.java
index 73e99e029221..27fdcf5cf2dc 100644
--- a/azure/src/main/java/org/apache/iceberg/azure/AzureProperties.java
+++ b/azure/src/main/java/org/apache/iceberg/azure/AzureProperties.java
@@ -21,7 +21,6 @@
 import com.azure.core.credential.AccessToken;
 import com.azure.core.credential.TokenCredential;
 import com.azure.core.credential.TokenRequestContext;
-import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm;
 import com.azure.storage.common.StorageSharedKeyCredential;
 import com.azure.storage.file.datalake.DataLakeFileSystemClientBuilder;
 import java.io.Serializable;
@@ -135,9 +134,7 @@ public AzureProperties(Map<String, String> properties) {
     }
 
     this.keyWrapAlgorithm =
-        properties.getOrDefault(
-            AzureProperties.AZURE_KEYVAULT_KEY_WRAP_ALGORITHM,
-            KeyWrapAlgorithm.RSA_OAEP_256.getValue());
+        properties.getOrDefault(AzureProperties.AZURE_KEYVAULT_KEY_WRAP_ALGORITHM, "RSA-OAEP-256");
   }
 
   public Optional<Integer> adlsReadBlockSize() {
@@ -204,8 +201,8 @@ public Mono<AccessToken> getToken(TokenRequestContext request) {
     }
   }
 
-  public KeyWrapAlgorithm keyWrapAlgorithm() {
-    return KeyWrapAlgorithm.fromString(this.keyWrapAlgorithm);
+  public String keyWrapAlgorithm() {
+    return this.keyWrapAlgorithm;
   }
 
   public Optional<String> keyVaultUrl() {
diff --git a/azure/src/main/java/org/apache/iceberg/azure/keymanagement/AzureKeyManagementClient.java b/azure/src/main/java/org/apache/iceberg/azure/keymanagement/AzureKeyManagementClient.java
index 66bf0678bce9..498c432212c5 100644
--- a/azure/src/main/java/org/apache/iceberg/azure/keymanagement/AzureKeyManagementClient.java
+++ b/azure/src/main/java/org/apache/iceberg/azure/keymanagement/AzureKeyManagementClient.java
@@ -80,7 +80,8 @@ private ClientState state() {
               keyClientBuilder
                   .credential(AdlsTokenCredentialProviders.from(allProperties).credential())
                   .buildClient();
-          KeyWrapAlgorithm keyWrapAlgorithm = azureProperties.keyWrapAlgorithm();
+          KeyWrapAlgorithm keyWrapAlgorithm =
+              KeyWrapAlgorithm.fromString(azureProperties.keyWrapAlgorithm());
           state = new ClientState(keyClient, keyWrapAlgorithm);
         }
       }

From 167cea05ce8169b14004a775c88c2634a83d5662 Mon Sep 17 00:00:00 2001
From: Yuya Ebihara <ebyhry@gmail.com>
Date: Fri, 1 May 2026 15:34:09 +0900
Subject: [PATCH 2/2] fixup! Azure: Avoid depending on KeyWrapAlgorithm in
 AzureProperties

---
 .../main/java/org/apache/iceberg/azure/AzureProperties.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/azure/src/main/java/org/apache/iceberg/azure/AzureProperties.java b/azure/src/main/java/org/apache/iceberg/azure/AzureProperties.java
index 27fdcf5cf2dc..383bec30111b 100644
--- a/azure/src/main/java/org/apache/iceberg/azure/AzureProperties.java
+++ b/azure/src/main/java/org/apache/iceberg/azure/AzureProperties.java
@@ -52,6 +52,9 @@ public class AzureProperties implements Serializable {
   public static final String AZURE_KEYVAULT_KEY_WRAP_ALGORITHM =
       "azure.keyvault.key-wrap-algorithm";
 
+  // Must match KeyWrapAlgorithm.RSA_OAEP_256.getValue() from azure-security-keyvault-keys
+  private static final String DEFAULT_KEY_WRAP_ALGORITHM = "RSA-OAEP-256";
+
   /**
    * Configure the ADLS token credential provider used to get {@link TokenCredential}. A fully
    * qualified concrete class with package that implements the {@link AdlsTokenCredentialProvider}
@@ -134,7 +137,8 @@ public AzureProperties(Map<String, String> properties) {
     }
 
     this.keyWrapAlgorithm =
-        properties.getOrDefault(AzureProperties.AZURE_KEYVAULT_KEY_WRAP_ALGORITHM, "RSA-OAEP-256");
+        properties.getOrDefault(
+            AzureProperties.AZURE_KEYVAULT_KEY_WRAP_ALGORITHM, DEFAULT_KEY_WRAP_ALGORITHM);
   }
 
   public Optional<Integer> adlsReadBlockSize() {