.env.markdown

Environment file info

If you're running in production, you should set these securely.

However, if you just want to experiment, set the following values

AI Settings

• INPUT_TOKEN_LIMIT: 15000
  • (REQUIRED IF USING AI MODES) Ensure the input/output token count meets requirements and is supported by the model selected. Will not allow files with more than tokens specified to be processed
• TEMPERATURE: 0.0
  • The temperature value ranges from 0 to 2, with lower values indicating greater determinism and higher values indicating more randomness in responses.

A small note on selecting a provider

Below are the models you can use. We highly recommend using OpenRouter (OPENROUTER_API_KEY) which gives you access to a wide range of models / providers. There is no benefit in function to using one provider over another (the txt2stix logic is the same for all). We provide the option to use provider supplied API keys (e.g. OPENAI_API_KEY) for those who cannot / do not want to use OpenRouter.

• OPENROUTER_API_KEY=
  • (REQUIRED IF USING MODELS PROVIDED BY OPENROUTER IN AI MODES) get it from: https://openrouter.ai/settings/keys
• DEEPSEEK_API_KEY=
  • (REQUIRED IF USING DEEPSEEK MODELS DIRECTLY IN AI MODES) get it from: https://platform.deepseek.com/api-key
• OPENAI_API_KEY: YOUR_API_KEY
  • (REQUIRED IF USING OPENAI MODELS DIRECTLY IN AI MODES) get it from: https://platform.openai.com/api-keys
• ANTHROPIC_API_KEY: YOUR_API_KEY
  • (REQUIRED IF USING ANTHROPIC MODELS DIRECTLY IN AI MODES) get it from" https://console.anthropic.com/settings/keys
• GOOGLE_API_KEY:
  • (REQUIRED IF USING GOOGLE GEMINI MODELS DIRECTLY IN AI MODES) get it from the Google Cloud Platform (making sure the Gemini API is enabled for the project)

BIN List

• BIN_LIST_API_KEY: BLANK
  • for enriching credit card extractions needed for extracting credit card information. You get an API key here https://rapidapi.com/trade-expanding-llc-trade-expanding-llc-default/api/bin-ip-checker

CTIBUTLER

txt2stix requires ctibutler to lookup ATT&CK, CAPEC, CWE, ATLAS, and locations in blogs

• CTIBUTLER_BASE_URL: 'http://api.ctibutler.com' (recommended)
  • If you are running CTI Butler locally, be sure to set 'http://host.docker.internal:8006/api/' in the .env file otherwise you will run into networking errors.
• CTIBUTLER_API_KEY:
  • If using 'http://api.ctibutler.com', get your API key here. Can be left blank if running locally.

VULMATCH FOR CVE AND CPE LOOKUPS

txt2stix requires vulmatch to lookup CVEs and CPEs in blogs

• VULMATCH_BASE_URL: 'http://api.vulmatch.com' (recommended)
  • If you are running Vulmatch locally, be sure to set 'http://host.docker.internal:8005/api/' in the .env file otherwise you will run into networking errors.
• VULMATCH_API_KEY:
  • If using 'http://api.vulmatch.com', get your API key here. Can be left blank if running locally.