Skip to main content

Configure Enarx.toml

With the Enarx.toml configuration file, environment variables, arguments and pre-opened file descriptors can be passed to the WASM application.


All elements are optional.


env specifies the environment variables exported to the WASM application in a map.


VAR1 = "var1"
VAR2 = "var2"


args specifies the arguments for the WASM application in an array.


args = [


steward specifies the URL for the steward to contact for a TLS certificate.


steward = ""


files specifies an array of file descriptor definitions to be pre-opened for the WASM application.

A files entry can contain the following sub elements.


kind can be one of "null", "stdin","stdout", "stderr", "listen" or "connect".


Name of the file descriptor, exported in the FD_NAMES environment variable. The default name for kind "null", "stdin","stdout", "stderr" is the kind.

The FD_NAMES environment variable contains all name strings of the files array joined with ":". The FD_COUNT environment variable contains the number of files elements.


prot can be "tcp" or "tls" for kind = "connect" or kind = "listen".

"tls" is the default, if prot is not specified.

tls transparently wraps a TCP connection with the TLS protocol. For kind = "listen" every accepted connection is also wrapped with the TLS protocol.


host specifies the host to connect to for a kind = "connect"


addr specifies the address to bind to for a kind = "listen".

addr = "::"          # bind to any interface IPv6 and IPv4 (the default, if not specified)
addr = "" # bind to any IPv4 interface
addr = "::1" # bind to IPv6 localhost
addr = "" # bind to IPv4 localhost
addr = "" # bind to a specific IPv4 address


port specifies the port to connect or bind to for kind = "connect" or kind = "listen". The default value is 443.


# Configuration for a WASI application in an Enarx Keep

# Arguments
args = [

# Environment variables
VAR1 = "var1"
VAR2 = "var2"

# Pre-opened file descriptors
kind = "null"

kind = "stdout"

kind = "stderr"

# A listen socket
name = "LISTEN"
kind = "listen"
prot = "tls" # or prot = "tcp"
port = 12345

# An outgoing connected socket
name = "CONNECT"
kind = "connect"
prot = "tcp" # or prot = "tls"
host = ""
port = 23456

This configuration files passes the environment VAR1=var1 VAR2=var2 and the arguments --argument1 --argument2=foo to the WASM application.

Additionally, five file descriptors are pre-opened:

  • 0: /dev/null
  • 1: /dev/stdout
  • 2: /dev/stderr
  • 3: a TCP listen socket bound to port 12345 on address ::, where every accepted connection is transparently wrapped with the TLS protocol
  • 4: a normal TCP stream socket connected to

Additionally, the following environment variables are exported:

  • FD_COUNT=5
  • FD_NAMES=null:stdout:stderr:LISTEN:CONNECT