# vault Vault environment in Qubes OS. ## Table of Contents * [Description](#description) * [Installation](#installation) * [Usage](#usage) ## Description An offline qube will be created and named "vault", it will have a password manager for high entropy passwords, PGP and SSH client for creating private keys. ## Installation - Top: ```sh sudo qubesctl top.enable vault sudo qubesctl --targets=tpl-vault state.apply sudo qubesctl top.disable vault sudo qubesctl state.apply vault.appmenus ``` - State: ```sh sudo qubesctl state.apply vault.create sudo qubesctl --skip-dom0 --targets=tpl-vault state.apply vault.install sudo qubesctl state.apply vault.appmenus ``` ## Usage The intended usage is to hold passwords and keys. You should copy the keys generated from the vault to another qube, which can be a split agent server for SSH, PGP, Pass. A compromise of the client qube can escalate into a compromise of the qubes it can run RPC services, therefore a separate vault is appropriate according to your threat model.