mirror of
https://github.com/ben-grande/qusal.git
synced 2024-10-01 02:35:49 -04:00
986 B
986 B
vault
Vault environment in Qubes OS.
Table of Contents
Description
An offline qube will be created and named "vault", it will have a password manager for high entropy passwords, PGP and SSH client for creating private keys.
Installation
- Top:
qubesctl top.enable vault
qubesctl --targets=tpl-vault state.apply
qubesctl top.disable vault
- State:
qubesctl state.apply vault.create
qubesctl --skip-dom0 --targets=tpl-vault state.apply vault.install
Usage
The intended usage is to hold passwords and keys. You should copy the keys generated from the vault to another qube, which can be a split agent server for SSH, PGP, Pass. A compromise of the client qube can escalate into a compromise of the qubes it can run RPC services, therefore a separate vault is appropriate according to your threat model.