diff --git a/config.ml b/config.ml
index 314172f..13ba136 100644
--- a/config.ml
+++ b/config.ml
@@ -1,3 +1,4 @@
+(* mirage >= 4.5.0 *)
 (* Copyright (C) 2017, Thomas Leonard <thomas.leonard@unikernel.com>
    See the README file for details. *)
 
@@ -5,33 +6,27 @@
 
 open Mirage
 
-let table_size =
-  let info = Key.Arg.info
-      ~doc:"The number of NAT entries to allocate."
-      ~docv:"ENTRIES" ["nat-table-size"]
-  in
-  let key = Key.Arg.opt ~stage:`Both Key.Arg.int 5_000 info in
-  Key.create "nat_table_size" key
+let nat_table_size = runtime_arg ~pos:__POS__ "Unikernel.nat_table_size"
 
 let main =
-  foreign
-    ~keys:[Key.v table_size]
+    main
+    ~runtime_args:[ nat_table_size; ]
     ~packages:[
       package "vchan" ~min:"4.0.2";
       package "cstruct";
       package "astring";
       package "tcpip" ~min:"3.7.0";
-      package ~min:"2.3.0" ~sublibs:["mirage"] "arp";
-      package ~min:"3.0.0" "ethernet";
+      package "arp" ~min:"2.3.0" ~sublibs:["mirage"];
+      package "ethernet" ~min:"3.0.0";
       package "shared-memory-ring" ~min:"3.0.0";
-      package ~min:"2.1.2" "netchannel";
+      package "netchannel" ~min:"2.1.2";
       package "mirage-net-xen";
       package "ipaddr" ~min:"5.2.0";
       package "mirage-qubes" ~min:"0.9.1";
-      package ~min:"3.0.1" "mirage-nat";
+      package "mirage-nat" ~min:"3.0.1";
       package "mirage-logs";
       package "mirage-xen" ~min:"8.0.0";
-      package ~min:"6.4.0" "dns-client";
+      package "dns-client" ~min:"6.4.0";
       package "pf-qubes";
     ]
     "Unikernel.Main" (random @-> mclock @-> time @-> job)
diff --git a/unikernel.ml b/unikernel.ml
index 65f7b3a..fc2a0c2 100644
--- a/unikernel.ml
+++ b/unikernel.ml
@@ -3,10 +3,15 @@
 
 open Lwt
 open Qubes
+open Cmdliner
 
 let src = Logs.Src.create "unikernel" ~doc:"Main unikernel code"
 module Log = (val Logs.src_log src : Logs.LOG)
 
+let nat_table_size =
+  let doc = Arg.info ~doc:"The number of NAT entries to allocate." [ "nat-table-size" ] in
+  Arg.(value & opt int 5_000 doc)
+
 module Main (R : Mirage_random.S)(Clock : Mirage_clock.MCLOCK)(Time : Mirage_time.S) = struct
   module Uplink = Uplink.Make(R)(Clock)(Time)
   module Dns_transport = My_dns.Transport(R)(Clock)(Time)
@@ -23,7 +28,7 @@ module Main (R : Mirage_random.S)(Clock : Mirage_clock.MCLOCK)(Time : Mirage_tim
     ]
 
   (* Main unikernel entry point (called from auto-generated main.ml). *)
-  let start _random _clock _time =
+  let start _random _clock _time nat_table_size =
     let start_time = Clock.elapsed_ns () in
     (* Start qrexec agent and QubesDB agent in parallel *)
     let qrexec = RExec.connect ~domid:0 () in
@@ -44,8 +49,7 @@ module Main (R : Mirage_random.S)(Clock : Mirage_clock.MCLOCK)(Time : Mirage_tim
       Xen_os.Lifecycle.await_shutdown_request () >>= fun (`Poweroff | `Reboot) ->
       Lwt.return_unit in
     (* Set up networking *)
-    let max_entries = Key_gen.nat_table_size () in
-    let nat = My_nat.create ~max_entries in
+    let nat = My_nat.create ~max_entries:nat_table_size in
 
     (* Read network configuration from QubesDB *)
     Dao.read_network_config qubesDB >>= fun config ->