mirror of
https://github.com/ben-grande/qusal.git
synced 2024-12-29 01:16:13 -05:00
vault
Vault environment in Qubes OS.
Description
An offline qube named "vault" will be created. It will have a password manager for high-entropy passwords, and PGP and SSH clients for creating private keys.
Installation
- Top:
qubesctl top.enable vault
qubesctl --targets=tpl-vault state.apply
qubesctl top.disable vault
- State:
qubesctl state.apply vault.create
qubesctl --skip-dom0 --targets=tpl-vault state.apply vault.install
Usage
The intended usage is to hold passwords and keys. You should copy the keys generated in the vault to another qube, which can be a split agent server for SSH, PGP, or Pass. A compromise of the client qube can escalate into a compromise of the qubes on which it can run RPC services; therefore, a separate vault is appropriate, depending on your threat model.