Host Configuration

Host runtime configuration is currently done through environment variables. These variables can either come from .env files or through real environment variables. Real variables take precedence over .env files.

The following sources of environment variables will be considered:

  • .env
  • .env.local
  • .env.[dev|test|prod]
  • .env.[dev|test|prod].local

As mentioned, any environment variable supplied at runtime will override variables supplied in any .env file. Best practice suggests that developers use the .local files to represent their local workstation environments and to not check those files into source control.

The following table contains a list of all supported environment variables.

Variable
Description
Default
WASMCLOUD_HOST_KEY
A 56-character public key used to identify the host
{runtime generated}
WASMCLOUD_HOST_SEED
A 56-character seed key corresponding to the host public key
{runtime generated}
WASMCLOUD_LATTICE_PREFIX
The prefix used to isolate multiple lattices from each other within the same NATS topic space
default
WASMCLOUD_RPC_HOST
NATS server host used for the RPC connection
0.0.0.0
WASMCLOUD_RPC_PORT
NATS server port used for the RPC connection
4222
WASMCLOUD_RPC_SEED
If decentralized NATS auth is used, the user seed
""
WASMCLOUD_RPC_JWT
If decentralized NATS auth is used, the user JWT
""
WASMCLOUD_RPC_TIMEOUT_MS
Timeout in milliseconds for RPC calls
2000
WASMCLOUD_PROV_RPC_HOST
NATS server host used for capability provider RPC connections
0.0.0.0
WASMCLOUD_PROV_RPC_PORT
NATS server port used for capability provider RPC connections
4222
WASMCLOUD_PROV_RPC_SEED
If decentralized NATS auth is used, the user seed for capability provider connections
""
WASMCLOUD_PROV_RPC_JWT
If decentralized NATS auth is used, the user JWT for capability provider connections
""
WASMCLOUD_PROV_RPC_TIMEOUT_MS
Timeout in milliseconds for capability provider RPC calls
2000
WASMCLOUD_CTL_HOST
NATS server host used for the control interface connection
0.0.0.0
WASMCLOUD_CTL_PORT
NATS server port used for the control interface connection
4222
WASMCLOUD_CTL_SEED
If decentralized NATS auth is used, the user seed for the control interface connection
""
WASMCLOUD_CTL_JWT
If decentralized NATS auth is used, the user JWT for the control interface connection
""
WASMCLOUD_CLUSTER_SEED
The seed key used by this host to sign all invocations. Note that different hosts can use different seed keys so long as their corresponding public keys are listed in the valid issuers variable.
{generated}
WASMCLOUD_CLUSTER_ISSUERS
A comma-delimited list of valid public keys that can be used as issuers on signed invocations
{generated}
WASMCLOUD_PROV_SHUTDOWN_DELAY_MS
Delay, in milliseconds, between requesting a provider shut down and forcibly terminating its OTP process
300
WASMCLOUD_OCI_ALLOW_LATEST
Determines whether OCI images tagged latest are allowed to be pulled and started. Defaults to false because latest is a possible attack and instability vector
false
WASMCLOUD_OCI_ALLOWED_INSECURE
The list of OCI hosts to which insecure connections are allowed. By default, no insecure connections are allowed.
""