Hi all, I have two comments regarding the use of io.github.jopenlibs:vault-java-driver:
- The last commit was four months ago, which is acceptable if the project is mature and stable. - It uses the MIT license (Category A), which is compatible. That said, since our client requirements do not appear to be overly complex, I believe it is worth leveraging our existing HTTP client instead. This would allow us to utilize dependencies we already have in the stack. Regards, JB On Tue, Apr 28, 2026 at 2:47 PM Yuya Ebihara <[email protected]> wrote: > Thanks for the feedback! > > I've switched to io.github.jopenlibs:vault-java-driver for now. > > Rewriting it using the existing HTTP client is also an option if > minimizing dependencies is important. > The usage isn't particularly complex, so I don't expect a high > maintenance cost. > I believe the Spring Framework takes a similar approach. > > On Tue, Apr 28, 2026 at 9:29 PM Romain Manni-Bucau <[email protected]> > wrote: > >> Hi, >> >> why not just reusing http client already there in the stack (for rest >> catalog)? for the token a side car can be a simple first step else it is >> not crazy to do in plain java without any particular dep >> >> Romain Manni-Bucau >> @rmannibucau <https://x.com/rmannibucau> | .NET Blog >> <https://dotnetbirdie.github.io/> | Blog <https://rmannibucau.github.io/> | >> Old Blog <http://rmannibucau.wordpress.com> | Github >> <https://github.com/rmannibucau> | LinkedIn >> <https://www.linkedin.com/in/rmannibucau> | Book >> <https://www.packtpub.com/en-us/product/java-ee-8-high-performance-9781788473064> >> Javaccino founder (Java/.NET service - contact via linkedin) >> >> >> Le mar. 28 avr. 2026 à 13:45, Steve Loughran <[email protected]> a >> écrit : >> >>> >>> >>> On Tue, 28 Apr 2026 at 01:18, Yuya Ebihara < >>> [email protected]> wrote: >>> >>>> >>>> >>>> - Are there any concerns about introducing a dependency on the >>>> Vault client library? >>>> >>>> >>>> I worry about all dependencies these days -as every library is >>> effectively a CVE subscription. >>> >>> That bettercloud driver is 7 years old and depends on out of date >>> versions of bouncycastle and more >>> >>> https://mvnrepository.com/artifact/com.bettercloud/vault-java-driver/5.1.0/dependencies >>> >>> >>> Those same people now appear to be working on s different project >>> https://mvnrepository.com/artifact/io.github.jopenlibs/vault-java-driver >>> >>
