[docker] add xtm-composer (opencti #7328)

maelv-filigran · maelv-filigran · commit 4f60d42dd529 · 2025-09-26T14:22:19.000+02:00
diff --git a/.env.sample b/.env.sample
@@ -13,5 +13,7 @@ CONNECTOR_EXPORT_FILE_TXT_ID=ca715d9c-bd64-4351-91db-33a8d728a58b
 CONNECTOR_IMPORT_FILE_STIX_ID=72327164-0b35-482b-b5d6-a5a3f76b845f
 CONNECTOR_IMPORT_DOCUMENT_ID=c3970f8a-ce4b-4497-a381-20b7256f56f0
 CONNECTOR_ANALYSIS_ID=4dffd77c-ec11-4abe-bca7-fd997f79fa36
+XTM_COMPOSER_ID=8215614c-7139-422e-b825-b20fd2a13a23
 SMTP_HOSTNAME=localhost
 ELASTIC_MEMORY_SIZE=4G
+COMPOSE_PROJECT_NAME=opencti
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,4 +1,17 @@
 services:
+  # Generate RSA key for xtm-composer (PKCS#8 format)
+  rsa-key-generator:
+    image: alpine/openssl:3.5.2
+    volumes:
+      - rsakeys:/keys
+    entrypoint: ["/bin/ash"]
+    command: ["-c", "if [ ! -f /keys/private_key.pem ]; then openssl genpkey -algorithm RSA -out /keys/private_key.pem -pkeyopt rsa_keygen_bits:4096; fi && tail -f /dev/null"]
+    healthcheck:
+      test: ["CMD", "test", "-f", "/keys/private_key.pem"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+    restart: always
   redis:
     image: redis:8.2.1
     restart: always
@@ -221,10 +234,33 @@ services:
     depends_on:
       opencti:
         condition: service_healthy
+  xtm-composer:
+    image: filigran/xtm-composer:1.0.0
+    platform: linux/amd64
+    environment:
+      - MANAGER__ID=${XTM_COMPOSER_ID}
+      - MANAGER__NAME=OpenCTI Connector Manager
+      - MANAGER__CREDENTIALS_KEY_FILEPATH=/keys/private_key.pem
+      - OPENCTI__ENABLE=true
+      - OPENCTI__URL=http://opencti:8080
+      - OPENCTI__TOKEN=${OPENCTI_ADMIN_TOKEN}
+      - OPENCTI__DAEMON__SELECTOR=docker
+      - OPENCTI__DAEMON__DOCKER__NETWORK_MODE=${COMPOSE_PROJECT_NAME}_default
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - rsakeys:/keys:ro  # RSA key mounted as read-only
+    depends_on:
+      rsa-key-generator:
+        condition: service_healthy
+      opencti:
+        condition: service_healthy
+      rabbitmq:
+        condition: service_healthy
+    restart: always
 
 volumes:
   esdata:
   s3data:
   redisdata:
   amqpdata:
-
+  rsakeys:
