Sekiban.Cloud.Client
1.0.0-preview.1
dotnet add package Sekiban.Cloud.Client --version 1.0.0-preview.1
NuGet\Install-Package Sekiban.Cloud.Client -Version 1.0.0-preview.1
<PackageReference Include="Sekiban.Cloud.Client" Version="1.0.0-preview.1" />
<PackageVersion Include="Sekiban.Cloud.Client" Version="1.0.0-preview.1" />
<PackageReference Include="Sekiban.Cloud.Client" />
paket add Sekiban.Cloud.Client --version 1.0.0-preview.1
#r "nuget: Sekiban.Cloud.Client, 1.0.0-preview.1"
#:package Sekiban.Cloud.Client@1.0.0-preview.1
#addin nuget:?package=Sekiban.Cloud.Client&version=1.0.0-preview.1&prerelease
#tool nuget:?package=Sekiban.Cloud.Client&version=1.0.0-preview.1&prerelease
Sekiban.Cloud.Client
SKS-G770: Credentialed ISekibanExecutor client for Sekiban Cloud (managed)
and credentialed self-hosted Sekiban Runtime.
This is the credentialed, multi-tenant client: credentials are mandatory and
the handler fails fast when they are missing (no silent no-auth fallback). For
no-auth, single-tenant access use the OSS Sekiban.Dcb.WasmRuntime.Remote client
instead — the distinguishing axis is credentialed vs no-auth, not cloud vs local.
Provides AddSekibanCloudExecutor — a single DI registration call that wires up the
ISekibanExecutor interface from IConfiguration (user-secrets / environment variables)
with no application code branches required.
Minimal C# Setup
// Program.cs — Sekiban Cloud client registration.
// Reads all four SekibanCloud:* keys from IConfiguration (user-secrets / env vars).
services.AddSekibanCloudExecutor(
domainTypes: MyDomainTypes.Create(), // your DcbDomainTypes
configuration: configuration // IConfiguration root
);
That is the entire setup. Application command and query code is identical across
backends — the only difference is which executor is registered (see the canonical
explicit-if sample in Sekiban.Dcb.Runtime.ConfigurationBootstrapSample).
Configuration Keys
All four keys are read from the SekibanCloud configuration section (the legacy
SaasRuntime section is still read for one version, logged as deprecated).
Use user-secrets for local development, environment variables for CI/deployment.
| Config key | Env var | Purpose |
|---|---|---|
SekibanCloud:BaseUrl |
SEKIBANCLOUD__BASEURL |
Base URL of the Sekiban Cloud or self-hosted runtime |
SekibanCloud:ServiceId |
SEKIBANCLOUD__SERVICEID |
Your tenant's service ID |
SekibanCloud:CredentialId |
SEKIBANCLOUD__CREDENTIALID |
Credential ID issued by management API |
SekibanCloud:CredentialSecret |
SEKIBANCLOUD__CREDENTIALSECRET |
One-time credential secret (never commit) |
Set via user-secrets (local development)
cd samples/YourApp
dotnet user-secrets set "SekibanCloud:BaseUrl" "http://127.0.0.1:5201"
dotnet user-secrets set "SekibanCloud:ServiceId" "svc-your-service"
dotnet user-secrets set "SekibanCloud:CredentialId" "cred-your-credential"
dotnet user-secrets set "SekibanCloud:CredentialSecret" "<secret-from-management-api>"
The credential secret is never written to any source file. Use dotnet user-secrets
for local development and a secret provider (e.g. Azure Key Vault) for production.
Set via environment variables (CI / deployment)
export SEKIBANCLOUD__BASEURL="https://runtime.example.com"
export SEKIBANCLOUD__SERVICEID="svc-your-service"
export SEKIBANCLOUD__CREDENTIALID="cred-your-credential"
export SEKIBANCLOUD__CREDENTIALSECRET="<secret>"
Explicit backend selection
Choose the backend with an explicit if/#if in your app code — no config-magic
auto-branch. The canonical sample selects among three options, each failing fast on its
own misconfiguration:
// InMemory (local dev), Sekiban Cloud (credentialed), or no-auth self-host.
if (backend == Backend.InMemory)
services.AddSingleton<ISekibanExecutor>(_ => new InMemoryDcbExecutor(domainTypes));
else if (backend == Backend.SekibanCloud)
services.AddSekibanCloudExecutor(domainTypes, configuration); // credentialed, fail-fast
// else if (backend == Backend.RemoteNoAuth)
// /* OSS Sekiban.Dcb.WasmRuntime.Remote — no credentials */
Public API Surface
| Type | Purpose |
|---|---|
SekibanCloudClientOptions |
Config binding record for SekibanCloud:* keys |
SekibanCloudCredentialHandler |
DelegatingHandler that injects X-Sekiban-* headers (fail-fast on missing creds) |
SekibanCloudClientExtensions |
AddSekibanCloudCredentialHandler, AddSekibanCloudExecutor |
SekibanCloudExecutor |
ISekibanExecutor over serialized Sekiban Cloud HTTP routes |
Security Constraints
CredentialSecretis never logged — the handler log statement emits only non-secret fields.- Exception messages from validation also omit the secret value.
- Credentials are mandatory: the handler throws on missing
CredentialId/CredentialSecretrather than producing a silent 401/403 or falling back to no-auth. - Use
dotnet user-secretsfor local dev; never commit secrets to source control.
One-Command Local Provisioning
When working with the full local stack (management API + runtime):
bash samples/SekibanAsAService.SampleApp/provision-local-dev.sh
This provisions a service + credential and writes the four SekibanCloud:* user-secrets
in a single step. The credential secret is written only to dotnet user-secrets (never
to any file or log).
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
-
net10.0
- Microsoft.Extensions.Http (>= 10.0.0)
- Microsoft.Extensions.Logging.Abstractions (>= 10.0.3)
- Microsoft.Extensions.Options.ConfigurationExtensions (>= 10.0.0)
- Sekiban.Dcb.WithoutResult (>= 10.2.2)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last Updated |
|---|---|---|
| 1.0.0-preview.1 | 75 | 6/29/2026 |