qusal/salt/vault/README.md

# vault

Vault environment in Qubes OS.

## Table of Contents

*   [Description](#description)
*   [Installation](#installation)
*   [Usage](#usage)

## Description

An offline qube will be created and named "vault", it will have a password
manager for high entropy passwords, PGP and SSH client for creating private
keys.

## Installation

*   Top:

```sh
sudo qubesctl top.enable vault
sudo qubesctl --targets=tpl-vault state.apply
sudo qubesctl top.disable vault
sudo qubesctl state.apply vault.appmenus
```

*   State:

<!-- pkg:begin:post-install -->

```sh
sudo qubesctl state.apply vault.create
sudo qubesctl --skip-dom0 --targets=tpl-vault state.apply vault.install
sudo qubesctl state.apply vault.appmenus
```

<!-- pkg:end:post-install -->

## Usage

The intended usage is to hold passwords and keys. You should copy the keys
generated from the vault to another qube, which can be a split agent
server for SSH, PGP, Pass. A compromise of the client qube can escalate into a
compromise of the qubes it can run RPC services, therefore a separate vault is
appropriate according to your threat model.
refactor: initial commit 2023-11-13 09:33:28 -05:00			`# vault`

			`Vault environment in Qubes OS.`

			`## Table of Contents`

doc: lint markdown files Only way to have a unified markdown syntax is to enforce the wanted syntax by linting the files. Don't rely on the many markdown syntaxes, be consistent. 2024-07-04 11:10:11 -04:00			`* [Description](#description)`
			`* [Installation](#installation)`
			`* [Usage](#usage)`
refactor: initial commit 2023-11-13 09:33:28 -05:00
			`## Description`

			`An offline qube will be created and named "vault", it will have a password`
			`manager for high entropy passwords, PGP and SSH client for creating private`
			`keys.`

			`## Installation`

doc: lint markdown files Only way to have a unified markdown syntax is to enforce the wanted syntax by linting the files. Don't rely on the many markdown syntaxes, be consistent. 2024-07-04 11:10:11 -04:00			`* Top:`

refactor: initial commit 2023-11-13 09:33:28 -05:00			```sh
doc: prefix qubesctl with sudo Fixes: https://github.com/ben-grande/qusal/issues/20 2024-02-23 10:54:35 -05:00			`sudo qubesctl top.enable vault`
			`sudo qubesctl --targets=tpl-vault state.apply`
			`sudo qubesctl top.disable vault`
			`sudo qubesctl state.apply vault.appmenus`
refactor: initial commit 2023-11-13 09:33:28 -05:00			```

doc: lint markdown files Only way to have a unified markdown syntax is to enforce the wanted syntax by linting the files. Don't rely on the many markdown syntaxes, be consistent. 2024-07-04 11:10:11 -04:00			`* State:`

refactor: initial commit 2023-11-13 09:33:28 -05:00			`<!-- pkg:begin:post-install -->`
doc: lint markdown files Only way to have a unified markdown syntax is to enforce the wanted syntax by linting the files. Don't rely on the many markdown syntaxes, be consistent. 2024-07-04 11:10:11 -04:00
refactor: initial commit 2023-11-13 09:33:28 -05:00			```sh
doc: prefix qubesctl with sudo Fixes: https://github.com/ben-grande/qusal/issues/20 2024-02-23 10:54:35 -05:00			`sudo qubesctl state.apply vault.create`
			`sudo qubesctl --skip-dom0 --targets=tpl-vault state.apply vault.install`
			`sudo qubesctl state.apply vault.appmenus`
refactor: initial commit 2023-11-13 09:33:28 -05:00			```
doc: lint markdown files Only way to have a unified markdown syntax is to enforce the wanted syntax by linting the files. Don't rely on the many markdown syntaxes, be consistent. 2024-07-04 11:10:11 -04:00
refactor: initial commit 2023-11-13 09:33:28 -05:00			`<!-- pkg:end:post-install -->`

			`## Usage`

			`The intended usage is to hold passwords and keys. You should copy the keys`
			`generated from the vault to another qube, which can be a split agent`
			`server for SSH, PGP, Pass. A compromise of the client qube can escalate into a`
			`compromise of the qubes it can run RPC services, therefore a separate vault is`
			`appropriate according to your threat model.`