Sirr.Client 0.1.0

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package Sirr.Client --version 0.1.0
                    


                    

                
NuGet\Install-Package Sirr.Client -Version 0.1.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Sirr.Client" Version="0.1.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Sirr.Client" Version="0.1.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Sirr.Client" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Sirr.Client --version 0.1.0
                    


                    

                
#r "nuget: Sirr.Client, 0.1.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Sirr.Client@0.1.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Sirr.Client&version=0.1.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Sirr.Client&version=0.1.0
                    


                            Install as a Cake Tool

CI NuGet License: MIT

Sirr.Client (.NET)

Ephemeral secrets for .NET AI applications. Credentials that expire by design.

Sirr.Client is the .NET client for Sirr — a self-hosted vault where every secret expires by read count, by time, or both. Built for .NET applications using Semantic Kernel, Microsoft.Extensions.AI, Azure OpenAI SDK, or any AI orchestration layer that needs scoped, disposable credentials.

The Problem It Solves

.NET enterprise applications increasingly embed AI agents for document processing, customer service, data analysis, and internal tooling. These agents need real credentials: connection strings, API keys, service tokens. The standard .NET approach — IConfiguration, Azure Key Vault, AWS Secrets Manager — stores those credentials permanently and requires manual rotation.

Sirr provides a different abstraction: credentials that self-destruct after the agent is done. You define the maximum lifetime and read budget. The server enforces it. You don't need to schedule cleanup jobs or remember to revoke.

// Give the agent exactly 1 read of the connection string — 30-minute window
await sirr.PushAsync("COSMOS_URL", connectionString, reads: 1, ttl: TimeSpan.FromMinutes(30));

// Agent reads it → read counter hits 1 → record deleted
var url = await sirr.GetAsync("COSMOS_URL");  // returns value
url = await sirr.GetAsync("COSMOS_URL");      // returns null — burned

Install

dotnet add package Sirr.Client

Targets .NET 8+. No third-party HTTP dependencies — built on System.Net.Http and System.Text.Json.

Usage

using Sirr;

var sirr = new SirrClient(new SirrOptions
{
    Server = Environment.GetEnvironmentVariable("SIRR_SERVER") ?? "http://localhost:8080",
    Token  = Environment.GetEnvironmentVariable("SIRR_TOKEN")!,
});

// Push a one-time secret
await sirr.PushAsync("API_KEY", "sk-...", ttl: TimeSpan.FromHours(1), reads: 1);

// Retrieve — null if burned or expired
string? value = await sirr.GetAsync("API_KEY");

// Pull all into a dictionary
IDictionary<string, string> secrets = await sirr.PullAllAsync();

// Delete immediately
await sirr.DeleteAsync("API_KEY");

// List active secrets (metadata only — values never returned by list)
IReadOnlyList<SecretMeta> list = await sirr.ListAsync();

// Prune expired secrets
int pruned = await sirr.PruneAsync();

Dependency Injection

// Program.cs
builder.Services.AddSirrClient(options =>
{
    options.Server = builder.Configuration["Sirr:Server"]!;
    options.Token  = builder.Configuration["Sirr:Token"]!;
});

// Inject ISirrClient anywhere
public class AgentService(ISirrClient sirr)
{
    public async Task RunAsync()
    {
        var key = await sirr.GetAsync("AGENT_KEY");
        // ...
    }
}

AI Workflows

Semantic Kernel plugin with scoped credential

using Microsoft.SemanticKernel;

public class DatabasePlugin(ISirrClient sirr)
{
    [KernelFunction, Description("Query the production database")]
    public async Task<string> QueryAsync(string sql)
    {
        var connStr = await sirr.GetAsync("AGENT_DB");
        if (connStr is null) throw new InvalidOperationException("DB credential expired or already used");

        await using var conn = new NpgsqlConnection(connStr);
        // run query...
    }
}

Azure OpenAI agent with burn-after-use API key

// Push a time-limited key before starting the agent session
await sirr.PushAsync("AOAI_KEY", openAiKey, reads: 1, ttl: TimeSpan.FromMinutes(60));

var client = new AzureOpenAIClient(
    new Uri(endpoint),
    new AzureKeyCredential(await sirr.GetAsync("AOAI_KEY") ?? throw new Exception("Key expired"))
);

// Key was consumed on GetAsync — it no longer exists in Sirr

Microsoft.Extensions.AI with temporary credentials

// Inject secrets into an AI pipeline scope
await using var scope = await sirr.CreateEnvScopeAsync(); // sets env vars
// All Sirr secrets available as environment variables within this scope
await RunAgentPipelineAsync();
// Scope disposed — env vars removed

Hosted Service with read-budget enforcement

public class DataIngestionService(ISirrClient sirr) : BackgroundService
{
    protected override async Task ExecuteAsync(CancellationToken ct)
    {
        // Push a credential valid for 5 reads — retry-safe
        await sirr.PushAsync("SOURCE_API_KEY", apiKey, reads: 5, ttl: TimeSpan.FromHours(2));

        for (int i = 0; i < 5; i++)
        {
            var key = await sirr.GetAsync("SOURCE_API_KEY", ct);
            if (key is null) break; // budget exhausted
            await IngestBatch(key, ct);
        }
    }
}
Package Description
sirr Rust monorepo: sirrd server + sirr CLI
@sirrlock/mcp MCP server for AI assistants
@sirrlock/node Node.js / TypeScript SDK
sirr (PyPI) Python SDK
sirr.dev Documentation
sirrlock.com Managed cloud + license keys
Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
0.1.0 0 3/2/2026