Expand description

Configuration for a WASI application in an Enarx Keep

This crate provides Config, which can be used to with any serde deserializer. Its main purpose is to read an Enarx.toml configuration file.

extern crate toml;
use enarx_config::Config;
const CONFIG: &str = r#"
name = "LISTEN"
kind = "listen"
prot = "tls"
port = 12345

let config: Config = toml::from_str(CONFIG).unwrap();

The Enarx.toml configuration file

With the Enarx.toml configuration file, environment variables, arguments and pre-opened file descriptors can be passed to the WASM application.


All elements are optional.


env specifies the environment variables exported to the WASM application in a map.

VAR1 = "var1"
VAR2 = "var2"


args specifies the arguments for the WASM application in an array.

args = [


steward specifies the URL for the steward to contact for a TLS certificate.

steward = "https://steward.example.com"


files specifies an array of file descriptor definitions to be pre-opened for the WASM application.

A files entry can contain the following sub elements.


kind can be one of "null", "stdin","stdout", "stderr", "listen" or "connect".


Name of the file descriptor, exported in the FD_NAMES environment variable. The default name for kind "null", "stdin","stdout", "stderr" is the kind.

The FD_NAMES environment variable contains all name strings of the files array joined with “:”. The FD_COUNT environment variable contains the number of files elements.


prot can be "tcp" or "tls" for kind = "connect" or kind = "listen".

"tls" is the default, if prot is not specified.

tls transparently wraps a TCP connection with the TLS protocol. For kind = "listen" every accepted connection is also wrapped with the TLS protocol.


host specifies the host to connect to for a kind = "connect"


addr specifies the address to bind to for a kind = "listen".

addr = "::"          # bind to any interface IPv6 and IPv4 (the default, if not specified)
addr = ""     # bind to any IPv4 interface
addr = "::1"         # bind to IPv6 localhost
addr = ""   # bind to IPv4 localhost
addr = "" # bind to a specific IPv4 address

port specifies the port to connect or bind to for kind = "connect" or kind = "listen". The default value is 443.


args = [

VAR1 = "var1"
VAR2 = "var2"

kind = "null"

kind = "stdout"

kind = "stderr"

name = "LISTEN"
kind = "listen"
prot = "tls" # or prot = "tcp"
port = 12345

name = "CONNECT"
kind = "connect"
prot = "tcp" # or prot = "tls"
host = ""
port = 23456

This configuration files passes the environment VAR1=var1 VAR2=var2 and the arguments --argument1 --argument2=foo to the WASM application.

Additionally, five file descriptors are pre-opened:

  • 0: /dev/null
  • 1: /dev/stdout
  • 2: /dev/stderr
  • 3: a TCP listen socket bound to port 12345 on address ::, where every accepted connection is transparently wrapped with the TLS protocol
  • 4: a normal TCP stream socket connected to

Additionally, the following environment variables are exported:

  • FD_COUNT=5
  • FD_NAMES=null:stdout:stderr:LISTEN:CONNECT


The configuration for an Enarx WASI application

Name assigned to a file descriptor


Parameters for a pre-opened file descriptor

Protocol to use for a connection


Configuration file template