Git-Mirrors/qusal
1
0
Fork 0
mirror of https://github.com/ben-grande/qusal.git synced 2024-10-01 02:35:49 -04:00
Code Issues Packages Projects Releases Wiki Activity
89e03956b1
qusal/salt/vault
History
Ben Grande 5eebd789ed refactor: initial commit
2023-11-13 14:33:28 +00:00
..
clone.sls refactor: initial commit 2023-11-13 14:33:28 +00:00
clone.top refactor: initial commit 2023-11-13 14:33:28 +00:00
create.sls refactor: initial commit 2023-11-13 14:33:28 +00:00
create.top refactor: initial commit 2023-11-13 14:33:28 +00:00
init.top refactor: initial commit 2023-11-13 14:33:28 +00:00
install.sls refactor: initial commit 2023-11-13 14:33:28 +00:00
install.top refactor: initial commit 2023-11-13 14:33:28 +00:00
README.md refactor: initial commit 2023-11-13 14:33:28 +00:00

README.md

vault

Vault environment in Qubes OS.

Table of Contents

Description

An offline qube will be created and named "vault", it will have a password manager for high entropy passwords, PGP and SSH client for creating private keys.

Installation

  • Top:
qubesctl top.enable vault
qubesctl --targets=tpl-vault state.apply
qubesctl top.disable vault
  • State:
qubesctl state.apply vault.create
qubesctl --skip-dom0 --targets=tpl-vault state.apply vault.install

Usage

The intended usage is to hold passwords and keys. You should copy the keys generated from the vault to another qube, which can be a split agent server for SSH, PGP, Pass. A compromise of the client qube can escalate into a compromise of the qubes it can run RPC services, therefore a separate vault is appropriate according to your threat model.