Skip to main content

Host Configuration

The following table contains a list of all options that can be used to configure the wasmCloud Host:

FlagEnvironment VariableDefaultDescriptionExample
--log-levelWASMCLOUD_LOG_LEVELINFOControls the verbosity of logs from the wasmCloud host--log-level DEBUG
--nats-hostNATS_HOST127.0.0.1NATS server host to connect to--nats-host my-nats-server
--nats-portNATS_PORT4222NATS server port to connect to--nats-port 4223
--nats-jwtNATS_JWTN/AA user JWT to use to authenticate to NATS. The given credential needs to have full access to all wasmbus.> topics as well as access to the configured --js-domain to create, manage, and access KV buckets used for lattice metadata and actor config--nats-jwt eyJ0eXAiOiJqd3Qi...
--nats-seedNATS_SEEDN/AA seed nkey to use to authenticate to NATS. This seed should be the same one associated with the JWT. Please see the NATS Docs for more information--nats-seed SUAAZU5G7UOUR7VX...
-x, --lattice-prefixWASMCLOUD_LATTICE_PREFIXdefaultThe lattice the host belongs to. If running with multiple lattices, each name MUST be unique-x my-lattice
--host-seedWASMCLOUD_HOST_SEEDN/AThe seed key used by this host to generate its public key. In most cases you won't need to set this, but if needed a seed can be generated with wash keys gen server--host-seed SNABP2H7DRKW3XRM...
--cluster-seedWASMCLOUD_CLUSTER_SEEDN/AThe seed key used by this host to sign all invocations.--cluster-seed SCAICHCEWFXMDS6A...
--cluster-issuersWASMCLOUD_CLUSTER_ISSUERSN/AA comma-delimited list of public keys for signed invocations.--cluster-issuers CCTUCYZYWQ...,CA2PCIP7QF...
--provider-shutdown-delayWASMCLOUD_PROV_SHUTDOWN_DELAY_MS300Delay in milliseconds between requesting a provider shutdown. If you are likely to be running many custom providers that require extensive clean up, this value can be increased to give them more time to shut down--provider-shutdown-delay 500
--allow-latestWASMCLOUD_OCI_ALLOW_LATESTN/ADetermines whether OCI images tagged latest are allowed. By default, we do not allow this as it makes it very unclear if something has actually updated for an end user or operator--allow-latest
--allowed-insecureWASMCLOUD_OCI_ALLOWED_INSECUREN/AComma-separated list of allowed insecure OCI hosts. Otherwise, all OCI references given to this host will expect an https endpoint--allowed-insecure registry1,registry2
--js-domainWASMCLOUD_JS_DOMAINN/ANATS Jetstream domain name. If set, all hosts in the lattice MUST be using the same domain name--js-domain my-domain
--config-service-enabledWASMCLOUD_CONFIG_SERVICEN/ADenotes if a wasmCloud host should issue requests to a config service on startup. This config service can allow dynamic setting of things such as OCI credentials--config-service-enabled
--allow-file-loadWASMCLOUD_ALLOW_FILE_LOADN/ADenotes if a wasmCloud host should allow starting actors from the file system. This should only be used for development and not in production (as the existence of files on any given system cannot be guaranteed)--allow-file-load
--enable-structured-loggingWASMCLOUD_STRUCTURED_LOGGING_ENABLEDN/AEnable JSON structured logging from the wasmCloud host--enable-structured-logging
-l, --labelWASMCLOUD_HOST_{label_name} (specified for each label)N/AA label=value to apply to the host. May be specified multiple times-l cloud=aws -l region=us-west
--policy-topicWASMCLOUD_POLICY_TOPICN/AEnables policy checks on start actions and actor invocations at the given topic. This can be used with any sort of policy service. For more information see our Policy Service documentation--policy-topic my.policy.topic
--policy-changes-topicWASMCLOUD_POLICY_CHANGES_TOPICN/AAllows the host to subscribe to updates on past policy decisions. This is how a policy service can tell hosts to invalidate a cached decision. This requires --policy-topic to be test--policy-changes-topic my.changes.topic
--policy-timeout-msWASMCLOUD_POLICY_TIMEOUT1000Sets a custom timeout for requesting policy decisions. Requires --policy-topic to be set--policy-timeout-ms 2000
--oci-registryOCI_REGISTRYN/AOverrides credentials for a specific OCI registry. Used in tandem with --oci_user and --oci_password to override credentials for a specific OCI registry--oci-registry my-registry
--oci-userOCI_REGISTRY_USERN/AUsername for the OCI registry specified by --oci_registry--oci-user my-username
--oci-passwordOCI_REGISTRY_PASSWORDN/APassword for the OCI registry specified by --oci_registry--oci-password my-password
--otel-traces-exporterOTEL_TRACES_EXPORTERN/ASpecifies which exporter to use for traces (Only "otlp" is currently supported)--otel-traces-exporter otlp
--otel-exporter-otlp-endpointOTEL_EXPORTER_OTLP_ENDPOINTN/ASpecifies the endpoint to use for the OTLP exporter--otel-exporter-otlp-endpoint http://my-custom-host:4318