Skip to main content
The Wacht Rust SDK, as well as the underlying Node and React SDKs, rely on a standard set of environment variables to configure authentication and API communication securely.

Required Variables

You must provide your Secret Key and at least one way to resolve your Frontend API URL (usually via the Publishable Key).
WACHT_API_KEY
string
required
Your Secret API Key (wk_test_... or wk_live_...). This key grants full administrative access to your deployment’s backend APIs (api.wacht.dev). Never expose this key to the frontend.
WACHT_PUBLISHABLE_KEY
string
Your Publishable Key (pk_test_... or pk_live_...). When provided, the SDK uses this key to automatically derive your normalized WACHT_FRONTEND_HOST behind the scenes.
WACHT_FRONTEND_HOST
string
The base URL of your Wacht Frontend API. If you have provided WACHT_PUBLISHABLE_KEY, this variable is purely optional and takes precedence if set. Use this if you are using a custom domain for your frontend API.

Optional Variables

WACHT_PUBLIC_SIGNING_KEY
string
A static PEM-encoded RSA public key used to verify JWT session tokens.By default, the SDK dynamically fetches your deployment’s JSON Web Key Set (JWKS) via an HTTP request. Providing this environment variable tells the SDK to use the static key instead, eliminating the network request. This is highly recommended for serverless or edge environments where cold start times matter.

Example .env File

.env
# Required for Backend API access
WACHT_API_KEY=wk_test_...

# Required to resolve the Frontend API URL
WACHT_PUBLISHABLE_KEY=pk_test_...

# Optional: Hardcode the public signing key for faster JWT verification
WACHT_PUBLIC_SIGNING_KEY="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0B...\n-----END PUBLIC KEY-----"