Wasmo Docs

Environment variables

Wasmo Builder is fully configurable and the only way to configure it is to use the environment variables.

Storage
S3DOCKER_S3S3_POSTGRESDOCKER_S3_POSTGRES

Wasmo Builder can be run on three differents ways:

  • STORAGE=: in this configuration, the Wasmo UI will not be available and you will only be able to create plugin using the oneshot process. The generated Wasm binaries will be stored on the file system.

  • STORAGE=S3: Use a remote S3 to store generated Wasm binaries. Can use the Builder UI for editing plugins.

  • STORAGE=DOCKER_S3: Use a Docker remote S3 to store generated Wasm binaries. Can use the Builder UI for editing plugins.

  • STORAGE=S3_POSTGRES: Use a remote S3 to store the generated Wasm binaries and use the Postgres instance for user management.

  • STORAGE=DOCKER_S3_POSTGRES: Use both remote Docker S3 and Postgres instance

S3, DOCKER_S3, S3_POSTGRES, DOCKER_S3_POSTGRES configurations must used the related variables :

# required
STORAGE=<S3|DOCKER_S3|S3_POSTGRES|DOCKER_S3_POSTGRES>
S3_ENDPOINT=<value should start with scheme>
S3_BUCKET=
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=<DEFAULT 'us-east-1'>

# optional
S3_FORCE_PATH_STYLE=<DEFAULT false>

# only for S3_POSTGRES and DOCKER_S3_POSTGRES configurations

PG_HOST=<DEFAULT  'localhost'>
PG_PORT=<DEFAULT  5432>
PG_DATABASE=<DEFAULT  'wasmo'>
PG_USER=<DEFAULT  'postgres'>
PG_PASSWORD=<DEFAULT  'password'>
PG_POOL_SIZE=<DEFAULT  20>
PG_IDLE_TIMEOUT_MILLIS=<DEFAULT  30000>
PG_CONNECTION_TIMEOUT_MILLIS=<DEFAULT  2000>

# cron job used to clean local wasm binary folder
LOCAL_WASM_JOB_CLEANING=<DEFAULT 60 * 60 * 1000> # 1 hour

Authentications
AUTH_MODE

Wasmo has one level of authentication. The value can be NO_AUTH, BASIC_AUTH or OTOROSHI_AUTH.

AUTH_MODE=OTOROSHI_AUTH

This level of authentication should be used at least in production mode. It ensures that the Wasmo's UI and backend are only accessible with tokens.

AUTH_MODE=BASIC_AUTH

The Wasmo UI will be secure with basic authentication (credentials configured from environment variables) and other endpoint will be secured with a pair of clientId/clientSecret. These credentials should be sent with basic authenticaiton format Basic base64(clientId:clientSecret).

AUTH_MODE=NO_AUTH

Wasmo is accessible without tokens or secrets. The UI is also available without any restrictions.

Pairing with Otoroshi
OTOROSHI_TOKEN_SECRETAUTH_MODE

Otoroshi is a layer of lightweight api management on top of a modern http reverse proxy written in Scala.

You have two ways to configure Wasmo and Otoroshi :

  • Wasmo is used by Otoroshi to pull compiled Wasm binaries

  • Otoroshi exposes Wasmo UI by securing user access

In both cases, you need to configure Wasmo and Otoroshi with same values for the following variables.

# required
OTOROSHI_TOKEN_SECRET=
AUTH_MODE=NO_AUTH | BASIC_AUTH | OTOROSHI_AUTH

Miscellaneous

# Listening PORT
PORT=                       <DEFAULT '5001'>            
# Storage used
STORAGE=                    

# S3
# Specifies an access key associated with your S3 instance
AWS_ACCESS_KEY_ID=                                      
# Specifies an secret key associated with your S3 instance
AWS_SECRET_ACCESS_KEY=                                  
# The Default region name identifies the S3 Region whose servers you want to send your requests to by default
AWS_DEFAULT_REGION=         <DEFAULT 'us-east-1'>   
# Specifies the endpoint that is used for all service requests    
S3_ENDPOINT=
# When set to true, the bucket name is always left in the request URI and never moved to the host as a sub-domain.
S3_FORCE_PATH_STYLE=
# Bucket used
S3_BUCKET=

# GITHUB
GITHUB_PERSONAL_TOKEN=
# A repository cannot be pull if it exceeds this limit
GITHUB_MAX_REPO_SIZE=

# Postgres host
PG_HOST=<DEFAULT  'localhost'>
PG_PORT=<DEFAULT  5432>
PG_DATABASE=<DEFAULT  'wasmo'>
# This optional environment variable is used in conjunction with POSTGRES_PASSWORD to set a user and its password. This variable will create the specified user with superuser power and a database with the same name
PG_USER=<DEFAULT  'postgres'>
#  It must not be empty or undefined. This environment variable sets the superuser password for PostgreSQL
PG_PASSWORD=<DEFAULT  'password'>
PG_POOL_SIZE=<DEFAULT  20>
# Number of milliseconds a client must sit idle in the pool and not be checked out before it is disconnected from the backend and discarded
PG_IDLE_TIMEOUT_MILLIS=<DEFAULT  30000>
# Number of milliseconds to wait before timing out when connecting a new client by default this is 0 which means no timeout
PG_CONNECTION_TIMEOUT_MILLIS=<DEFAULT  2000>

# Manager

# The location of the plugin templates. This can be a URL or a file path starting with file://
MANAGER_TEMPLATES=
MANAGER_MAX_PARALLEL_JOBS=   <DEFAULT 2>
# The domains allowed to call the Wasmo backend. This list is used by the CORS policy.
MANAGER_ALLOWED_DOMAINS=     <DEFAULT 'localhost:5001'>
# Defines whether Wasmo will be secured
AUTH_MODE=                   <'NO_AUTH'|'BASIC_AUTH'|'OTOROSHI_AUTH'>
# Secret used to verify the signature of the incoming token (only used with AUTH_MODE='OTOROSHI_AUTH')
OTOROSHI_TOKEN_SECRET=       <DEFAULT 'veryverysecret'>

# Expected client id (only used with AUTH_MODE='BASIC_AUTH')
WASMO_CLIENT_ID=
# Expected client secret (only used with AUTH_MODE='BASIC_AUTH')
WASMO_CLIENT_SECRET=

# Enables the Extism environment and the playground zone in UI
EXTISM_RUNTIME_ENVIRONMENT=  <DEFAULT false>

# At each time interval, Wasmo will clear a folder full of locally generated Wasm binaries
LOCAL_WASM_JOB_CLEANING=     <DEFAULT 60 * 60 * 1000> // 1 hour

LOGGER_FILE=                 <DEFAULT false>
LOGGER_LEVEL=                <DEFAULT 'info'>
LOGGER_TIMESTAMP             <DEFAULT false>
Previous
Your first plugin
Next
Plugin Structure