Skip to main content
Version: 1.x

Command-Line Help for wasmcloud

The wasmcloud binary runs and manages a wasmCloud host. It is typically used by platform engineers and operators; application developers usually interact with wasmCloud through wasmCloud Shell (wash), which runs a local wasmCloud host using the wash up subcommand.

Host configuration options can also be set via environment variables—see the host configuration reference for more information.

Many of the options on this page may also be passed to a local wasmCloud host running through wash up.

This document contains all options that can be used to configure the wasmCloud host, in the following format:

--command-line-argument <VALUE> - Explanation

Command Overview:

wasmcloud

wasmCloud host runtime

Usage: wasmcloud [OPTIONS]

Options:

  • --trace-level <TRACE_LEVEL> — Controls the verbosity of traces emitted from the wasmCloud host

    Default value: INFO

  • --log-level <LOG_LEVEL> — Controls the verbosity of logs from the wasmCloud host

    Default value: INFO

  • --nats-host <NATS_HOST> — NATS server host to connect to

    Default value: 127.0.0.1

  • --nats-port <NATS_PORT> — NATS server port to connect to

    Default value: 4222

  • --nats-jwt <NATS_JWT> — A user JWT to use to authenticate to NATS

  • --nats-seed <NATS_SEED> — A seed nkey to use to authenticate to NATS

  • --nats-creds <NATS_CREDS> — A NATS credentials file that contains the JWT and seed for authenticating to NATS

  • -x, --lattice <LATTICE> — The lattice the host belongs to

    Default value: default

  • --host-seed <HOST_SEED> — The seed key (a printable 256-bit Ed25519 private key) used by this host to generate its public key

  • --provider-shutdown-delay-ms <PROVIDER_SHUTDOWN_DELAY> — Delay, in milliseconds, between requesting a provider shut down and forcibly terminating its process

    Default value: 300

  • --allow-latest — Determines whether OCI images tagged latest are allowed to be pulled from OCI registries and started

  • --allowed-insecure <ALLOWED_INSECURE> — A comma-separated list of OCI hosts to which insecure (non-TLS) connections are allowed

  • --js-domain <JS_DOMAIN> — NATS Jetstream domain name

  • --config-service-enabled — Denotes if a wasmCloud host should issue requests to a config service on startup

  • --allow-file-load — Denotes if a wasmCloud host should allow starting components from the file system

    Default value: false

  • --enable-structured-logging — Enable JSON structured logging from the wasmCloud host

  • -l, --label <LABEL> — Start the host with a set of labels, can be specified multiple times. This can alternatively be specified via environment variables prefixed with WASMCLOUD_LABEL_, e.g. WASMCLOUD_LABEL_foo=bar

  • --policy-topic <POLICY_TOPIC> — If provided, enables policy checks on start actions and component invocations

  • --policy-changes-topic <POLICY_CHANGES_TOPIC> — If provided, allows the host to subscribe to updates on past policy decisions. Requires policy_topic to be set

  • --max-execution-time-ms <MAX_EXECUTION_TIME> — If provided, allows to set a custom Max Execution time for the Host in ms

    Default value: 600000

  • --max-linear-memory-bytes <MAX_LINEAR_MEMORY> — The maximum amount of memory bytes that a component can allocate (default 256 MiB)

    Default value: 268435456

  • --max-component-size-bytes <MAX_COMPONENT_SIZE> — The maximum byte size of a component binary that can be loaded (default 50 MiB)

    Default value: 52428800

  • --max-components <MAX_COMPONENTS> — The maximum number of components that can be run simultaneously

    Default value: 10000

  • --policy-timeout-ms <POLICY_TIMEOUT_MS> — If provided, allows setting a custom timeout for requesting policy decisions. Defaults to one second. Requires policy_topic to be set

  • --secrets-topic <SECRETS_TOPIC_PREFIX> — If provided, enables interfacing with a secrets backend for secret retrieval over the given topic prefix. Must not be empty

  • --oci-registry <OCI_REGISTRY> — Used in tandem with oci_user and oci_password to override credentials for a specific OCI registry

  • --oci-user <OCI_USER> — Username for the OCI registry specified by oci_registry

  • --oci-password <OCI_PASSWORD> — Password for the OCI registry specified by oci_registry

  • --enable-observability — Determines whether observability should be enabled

  • --override-observability-endpoint <OBSERVABILITY_ENDPOINT> — Overrides the OpenTelemetry endpoint used for emitting traces, metrics and logs

  • --flame-graph <FLAME_GRAPH> — Path to generate flame graph at

  • --tls-ca-path <TLS_CA_PATHS> — Configures the set of certificate authorities as repeatable set of file paths to load into the OCI and OpenTelemetry clients

  • --ctl-host <WASMCLOUD_CTL_HOST> - An IP address or DNS name to use to connect to NATS for Control Interface (CTL) messages, defaults to the value supplied to --nats-host if not supplied.

  • --ctl-port <WASMCLOUD_CTL_PORT> - A port to use to connect to NATS for CTL messages, defaults to the value supplied to --nats-port if not supplied.

  • --ctl-jwt <WASMCLOUD_CTL_JWT> - A user JWT to use to authenticate to NATS for CTL messages, defaults to the value supplied to --nats-jwt if not supplied.

  • --ctl-seed <WASMCLOUD_CTL_SEED> - A seed nkey to use to authenticate to NATS for CTL messages, defaults to the value supplied to --nats-seed if not supplied.

  • --ctl-creds <WASMCLOUD_CTL_CREDS> - A NATS credentials file to use to authenticate to NATS for CTL messages, defaults to the value supplied to --nats-creds or --nats-jwt and --nats-seed.

  • --ctl-tls <WASMCLOUD_CTL_TLS> - Optional flag to require host communication over TLS with a NATS server for CTL messages.

  • --ctl-topic-prefix <WASMCLOUD_CTL_TOPIC_PREFIX> - Advanced: A prefix to use for all CTL topics.

    Default value: wasmbus.ctl

  • --rpc-host <WASMCLOUD_RPC_HOST> - An IP address or DNS name to use to connect to NATS for RPC messages, defaults to the value supplied to --nats-host if not supplied.

  • --rpc-port <WASMCLOUD_PRC_PORT> - A port to use to connect to NATS for RPC messages, defaults to the value supplied to --nats-port if not supplied.

  • --rpc-jwt <WASMCLOUD_RPC_JWT> - A user JWT to use to authenticate to NATS for RPC messages, defaults to the value supplied to --nats-jwt if not supplied.

  • --rpc-seed <WASMCLOUD_RPC_SEED> - A seed nkey to use to authenticate to NATS for RPC messages, defaults to the value supplied to --nats-seed if not supplied.

  • --rpc-creds <WASMCLOUD_RPC_CREDS> - A NATS credentials file to use to authenticate to NATS for RPC messages, defaults to the value supplied to --nats-creds or --nats-jwt and --nats-seed.

  • --rpc-timeout-ms <WASMCLOUD_RPC_TIMEOUT_MS> - Timeout in milliseconds for all RPC calls.

    Default value: 2000

  • --rpc-tls <WASMCLOUD_RPC_TLS> - Optional flag to require host communication over TLS with a NATS server for RPC messages.

  • --enable-traces <WASMCLOUD_TRACES_ENABLED> - Enables the wasmCloud host to emit traces as OpenTelemetry signals.

  • --enable-metrics <WASMCLOUD_METRICS_ENABLED> - Enables the wasmCloud host to emit metrics as OpenTelemetry signals.

  • --enable-logs <WASMCLOUD_LOGS_ENABLED> - Enables the wasmCloud host to emit logs as OpenTelemetry signals.

  • --observability-protocol <PROTOCOL> - Configures whether grpc or http will be used for exporting the enabled telemetry. This defaults to 'http'.

  • --override-traces-endpoint <OTEL_EXPORTER_OTLP_TRACES_ENDPOINT> - Overrides the OpenTelemetry endpoint used for emitting traces.

  • --override-metrics-endpoint <OTEL_EXPORTER_OTLP_METRICS_ENDPOINT> - Overrides the OpenTelemetry endpoint used for emitting metrics.

  • --override-logs-endpoint <OTEL_EXPORTER_OTLP_LOGS_ENDPOINT> - Overrides the OpenTelemetry endpoint used for emitting logs.