Thanks for the feedback! I've switched to io.github.jopenlibs:vault-java-driver for now.
Rewriting it using the existing HTTP client is also an option if minimizing dependencies is important. The usage isn't particularly complex, so I don't expect a high maintenance cost. I believe the Spring Framework takes a similar approach. On Tue, Apr 28, 2026 at 9:29 PM Romain Manni-Bucau <[email protected]> wrote: > Hi, > > why not just reusing http client already there in the stack (for rest > catalog)? for the token a side car can be a simple first step else it is > not crazy to do in plain java without any particular dep > > Romain Manni-Bucau > @rmannibucau <https://x.com/rmannibucau> | .NET Blog > <https://dotnetbirdie.github.io/> | Blog <https://rmannibucau.github.io/> | > Old Blog <http://rmannibucau.wordpress.com> | Github > <https://github.com/rmannibucau> | LinkedIn > <https://www.linkedin.com/in/rmannibucau> | Book > <https://www.packtpub.com/en-us/product/java-ee-8-high-performance-9781788473064> > Javaccino founder (Java/.NET service - contact via linkedin) > > > Le mar. 28 avr. 2026 à 13:45, Steve Loughran <[email protected]> a > écrit : > >> >> >> On Tue, 28 Apr 2026 at 01:18, Yuya Ebihara < >> [email protected]> wrote: >> >>> >>> >>> - Are there any concerns about introducing a dependency on the Vault >>> client library? >>> >>> >>> I worry about all dependencies these days -as every library is >> effectively a CVE subscription. >> >> That bettercloud driver is 7 years old and depends on out of date >> versions of bouncycastle and more >> >> https://mvnrepository.com/artifact/com.bettercloud/vault-java-driver/5.1.0/dependencies >> >> >> Those same people now appear to be working on s different project >> https://mvnrepository.com/artifact/io.github.jopenlibs/vault-java-driver >> >
