Skip to main content
Version: 1.x

Host Configuration

The following table contains a list of all options that can be used to configure the wasmCloud Host:

FlagEnvironment VariableDefaultDescriptionExample
--log-levelWASMCLOUD_LOG_LEVELINFOControls the verbosity of logs from the wasmCloud host--log-level DEBUG
--nats-hostWASMCLOUD_NATS_HOST127.0.0.1NATS server host to connect to--nats-host my-nats-server
--nats-portWASMCLOUD_NATS_PORT4222NATS server port to connect to--nats-port 4223
--nats-jwtWASMCLOUD_NATS_JWTN/AA user JWT to use to authenticate to NATS. The given credential needs to have full access to all wasmbus.> topics as well as access to the configured --js-domain to create, manage, and access KV buckets used for lattice metadata and component config.--nats-jwt eyJ0eXAiOiJqd3Qi...
--nats-seedWASMCLOUD_NATS_SEEDN/AA seed nkey to use to authenticate to NATS. This seed should be the same one associated with the JWT. Please see the NATS Docs for more information--nats-seed SUAAZU5G7UOUR7VX...
-x, --latticeWASMCLOUD_LATTICEdefaultThe lattice the host belongs to. If running with multiple lattices, each name MUST be unique.-x my-lattice
--host-seedWASMCLOUD_HOST_SEEDN/AThe seed key used by this host to generate its public key. In most cases you won't need to set this, but if needed a seed can be generated with wash keys gen server--host-seed SNABP2H7DRKW3XRM...
--cluster-seedWASMCLOUD_CLUSTER_SEEDN/AThe seed key used by this host to sign all invocations.--cluster-seed SCAICHCEWFXMDS6A...
--cluster-issuersWASMCLOUD_CLUSTER_ISSUERSN/AA comma-delimited list of public keys for signed invocations.--cluster-issuers CCTUCYZYWQ...,CA2PCIP7QF...
--provider-shutdown-delayWASMCLOUD_PROV_SHUTDOWN_DELAY_MS300Delay in milliseconds between requesting a provider shutdown. If you are likely to be running many custom providers that require extensive clean up, this value can be increased to give them more time to shut down--provider-shutdown-delay 500
--allow-latestWASMCLOUD_OCI_ALLOW_LATESTN/ADetermines whether OCI images tagged latest are allowed. By default, we do not allow this as it makes it very unclear if something has actually updated for an end user or operator--allow-latest
--allowed-insecureWASMCLOUD_OCI_ALLOWED_INSECUREN/AComma-separated list of allowed insecure OCI hosts. Otherwise, all OCI references given to this host will expect an https endpoint--allowed-insecure registry1,registry2
--js-domainWASMCLOUD_JS_DOMAINN/ANATS Jetstream domain name. If set, all hosts in the lattice MUST be using the same domain name--js-domain my-domain
--config-service-enabledWASMCLOUD_CONFIG_SERVICEN/ADenotes if a wasmCloud host should issue requests to a config service on startup. This config service can allow dynamic setting of things such as OCI credentials--config-service-enabled
--allow-file-loadWASMCLOUD_ALLOW_FILE_LOADN/ADenotes if a wasmCloud host should allow starting components from the file system. This should only be used for development and not in production (as the existence of files on any given system cannot be guaranteed)--allow-file-load
--enable-structured-loggingWASMCLOUD_STRUCTURED_LOGGING_ENABLEDN/AEnable JSON structured logging from the wasmCloud host--enable-structured-logging
-l, --labelWASMCLOUD_LABEL_{label_name} (specified for each label)N/AA label=value to apply to the host. May be specified multiple times-l cloud=aws -l region=us-west
--ctl-hostWASMCLOUD_CTL_HOSTNATS host valueAn IP address or DNS name to use to connect to NATS for Control Interface (CTL) messages, defaults to the value supplied to --nats-host if not supplied.--ctl-host my-nats-server
--ctl-portWASMCLOUD_CTL_PORTNATS port valueA port to use to connect to NATS for CTL messages, defaults to the value supplied to --nats-port if not supplied.--ctl-port 4223
--ctl-jwtWASMCLOUD_CTL_JWTNATS JWT valueA user JWT to use to authenticate to NATS for CTL messages, defaults to the value supplied to --nats-jwt if not supplied.--ctl-jwt eyJ0eXAiOiJqd3Qi...
--ctl-seedWASMCLOUD_CTL_SEEDNATS seed valueA seed nkey to use to authenticate to NATS for CTL messages, defaults to the value supplied to --nats-seed if not supplied.--ctl-seed SUAAZU5G7UOUR7VX...
--ctl-tlsWASMCLOUD_CTL_TLSN/AOptional flag to require host communication over TLS with a NATS server for CTL messages.--ctl-tls
--ctl-topic-prefixWASMCLOUD_CTL_TOPIC_PREFIXwasmbus.ctlAdvanced: A prefix to use for all CTL topics.--ctl-topic-prefix my.ctl
--rpc-hostWASMCLOUD_RPC_HOSTNATS host valueAn IP address or DNS name to use to connect to NATS for RPC messages, defaults to the value supplied to --nats-host if not supplied.--rpc-host my-nats-server
--rpc-portWASMCLOUD_PRC_PORTNATS port valueA port to use to connect to NATS for RPC messages, defaults to the value supplied to --nats-port if not supplied.--rpc-port 4223
--rpc-jwtWASMCLOUD_RPC_JWTNATS JWT valueA user JWT to use to authenticate to NATS for RPC messages, defaults to the value supplied to --nats-jwt if not supplied.--rpc-jwt eyJ0eXAiOiJqd3Qi...
--rpc-seedWASMCLOUD_RPC_SEEDNATS seed valueA seed nkey to use to authenticate to NATS for RPC messages, defaults to the value supplied to --nats-seed if not supplied.--rpc-seed SUAAZU5G7UOUR7VX...
--rpc-timeout-msWASMCLOUD_RPC_TIMEOUT_MS2000Timeout in milliseconds for all RPC calls.--rpc-timeout-ms 4000
--rpc-tlsWASMCLOUD_RPC_TLSN/AOptional flag to require host communication over TLS with a NATS server for RPC messages.--rpc-tls
--policy-topicWASMCLOUD_POLICY_TOPICN/AEnables policy checks on start actions and component invocations at the given topic. This can be used with any sort of policy service. For more information see our Policy Service documentation--policy-topic my.policy.topic
--policy-changes-topicWASMCLOUD_POLICY_CHANGES_TOPICN/AAllows the host to subscribe to updates on past policy decisions. This is how a policy service can tell hosts to invalidate a cached decision. This requires --policy-topic to be test--policy-changes-topic my.changes.topic
--policy-timeout-msWASMCLOUD_POLICY_TIMEOUT1000Sets a custom timeout for requesting policy decisions. Requires --policy-topic to be set--policy-timeout-ms 2000
--oci-registryOCI_REGISTRYN/AOverrides credentials for a specific OCI registry. Used in tandem with --oci_user and --oci_password to override credentials for a specific OCI registry--oci-registry my-registry
--oci-userOCI_REGISTRY_USERN/AUsername for the OCI registry specified by --oci_registry--oci-user my-username
--oci-passwordOCI_REGISTRY_PASSWORDN/APassword for the OCI registry specified by --oci_registry--oci-password my-password
--enable-observabilityWASMCLOUD_OBSERVABILITY_ENABLEDN/AEnables the wasmCloud host to emit all OpenTelemetry signals. Conflicts with signal-specific configurations for logs, traces, and metrics.--enable-observability
--enable-tracesWASMCLOUD_TRACES_ENABLEDN/AEnables the wasmCloud host to emit traces as OpenTelemetry signals.--enable-traces
--enable-metricsWASMCLOUD_METRICS_ENABLEDN/AEnables the wasmCloud host to emit metrics as OpenTelemetry signals.--enable-metrics
--enable-logsWASMCLOUD_LOGS_ENABLEDN/AEnables the wasmCloud host to emit logs as OpenTelemetry signals.--enable-logs
--override-observability-endpointOTEL_EXPORTER_OTLP_ENDPOINTN/AOverrides the OpenTelemetry endpoint used for emitting traces, metrics, and logs.--override-observability-endpoint http://my-custom-host:4318
--override-traces-endpointOTEL_EXPORTER_OTLP_TRACES_ENDPOINTN/AOverrides the OpenTelemetry endpoint used for emitting traces.--override-traces-endpoint http://my-custom-host:4318
--override-metrics-endpointOTEL_EXPORTER_OTLP_METRICS_ENDPOINTN/AOverrides the OpenTelemetry endpoint used for emitting metrics.--override-metrics-endpoint http://my-custom-host:4318
--override-logs-endpointOTEL_EXPORTER_OTLP_LOGS_ENDPOINTN/AOverrides the OpenTelemetry endpoint used for emitting logs.--override-logs-endpoint http://my-custom-host:4318