qusal/salt/vault/README.md
2023-11-13 14:33:28 +00:00

41 lines
986 B
Markdown

# vault
Vault environment in Qubes OS.
## Table of Contents
* [Description](#description)
* [Installation](#installation)
* [Usage](#usage)
## Description
An offline qube will be created and named "vault", it will have a password
manager for high entropy passwords, PGP and SSH client for creating private
keys.
## Installation
- Top:
```sh
qubesctl top.enable vault
qubesctl --targets=tpl-vault state.apply
qubesctl top.disable vault
```
- State:
<!-- pkg:begin:post-install -->
```sh
qubesctl state.apply vault.create
qubesctl --skip-dom0 --targets=tpl-vault state.apply vault.install
```
<!-- pkg:end:post-install -->
## Usage
The intended usage is to hold passwords and keys. You should copy the keys
generated from the vault to another qube, which can be a split agent
server for SSH, PGP, Pass. A compromise of the client qube can escalate into a
compromise of the qubes it can run RPC services, therefore a separate vault is
appropriate according to your threat model.