qusal/salt/vault
Ben Grande 422b01e0f6 feat: remove audiovm setting when unnecessary
Decrease audio attack surface to qubes that will never need to use it.
2024-01-20 19:34:39 +01:00
..
appmenus.sls fix: add missing appmenus sync 2023-12-21 00:10:03 +01:00
appmenus.top fix: add missing appmenus sync 2023-12-21 00:10:03 +01:00
clone.sls refactor: initial commit 2023-11-13 14:33:28 +00:00
clone.top refactor: initial commit 2023-11-13 14:33:28 +00:00
create.sls feat: remove audiovm setting when unnecessary 2024-01-20 19:34:39 +01:00
create.top refactor: initial commit 2023-11-13 14:33:28 +00:00
init.top refactor: initial commit 2023-11-13 14:33:28 +00:00
install.sls refactor: initial commit 2023-11-13 14:33:28 +00:00
install.top refactor: initial commit 2023-11-13 14:33:28 +00:00
README.md fix: add missing appmenus sync 2023-12-21 00:10:03 +01:00

vault

Vault environment in Qubes OS.

Table of Contents

Description

An offline qube will be created and named "vault", it will have a password manager for high entropy passwords, PGP and SSH client for creating private keys.

Installation

  • Top:
qubesctl top.enable vault
qubesctl --targets=tpl-vault state.apply
qubesctl top.disable vault
qubesctl state.apply vault.appmenus
  • State:
qubesctl state.apply vault.create
qubesctl --skip-dom0 --targets=tpl-vault state.apply vault.install
qubesctl state.apply vault.appmenus

Usage

The intended usage is to hold passwords and keys. You should copy the keys generated from the vault to another qube, which can be a split agent server for SSH, PGP, Pass. A compromise of the client qube can escalate into a compromise of the qubes it can run RPC services, therefore a separate vault is appropriate according to your threat model.