Tink Java has 4 Maven artifacts, all are in the com.google.crypto.tink group.
The core of Tink built for server-side applications. It only depends on
com.google.code.gson:gson
and
com.google.protobuf:protobuf-java.
Similar to tink but is built for Android applicationss.
This build includes an embeded copy
com.google.protobuf:protobuf-lite,
which is renamed to be com.google.crypto.tink.shaded.protobuf. This is done to
avoid dependency conflicts with other common dependencies that depend on a
conflicting version (e.g. Firebase).
A plugin for the tink artifact that integrates Tink with AWS KMS.
A plugin for the tink artifact that integrates Tink with GCP KMS.
./maven/publish_snapshot.shThis command publishes latest snapshots to Maven, and their Javadocs to https://google.github.io/tink.
Snapshots are automatically published for every new commit to the master branch of https://github.com/google/tink.
./maven/test_snapshot.shNew snapshots are also automatically tested for every new commit to the master branch of https://github.com/google/tink.
This should be considered only when there is no other option, 'cause adding dependency makes Tink bloated and less secure. If a dependency got tampered with, Tink would also be affected.
This process consists of 3 steps:
-
To add a dependency for an artifact, you add it to the artifact's
pom.xml. For example, thecom.google.crypto.tink:tinkartifact usestink.pom.xml. You should always depend on the latest version of the dependency on Maven Central. -
Next, you want to publish a new snapshot of the artifact with the new dependency.
-
Then you want to test the new snapshot.
You want to repeat these steps until there is no error.