Encryption of app vms?

Thanks zithro, I don’t use Google, too. Of course I tried, but on searx, I didn’t get anything useful for “Joanna Rutkowska removed domains before going to London”, nor for “twitter Joanna qubes lhr”.

Anyway, did she bring her backup with her to London, or she restored the one left at home, on her arrival back home? Where is encrypting appVMS (subject of this topic) fits in here?

As I said, asking “how to” without knowing “why” is not a good asked question.

For example, if OP asked: “I want to go to London via airplane and I want to bring my kdbx stored in vault with me. Would be encrypted vault the best way not to risk any normal custom officer to mess with it? My threat model is normal-to-low”, that would be a proper question to be answered

And i would say, he might do it, but what I’d do is that I’d use 2fa, and I’d only bring kdbx with me, without key file. No custom officer can break into my kdbx without it, and can’t force me to give it to him/her. Once arrived, I 'd ask my sister at home to send me key file over secure channel. No harm if the key alone is compromised (that is why I’d bring one factor with me) - after received, immediately generating new one and use it while there. On my departure, I delete both. At the custom, I can’t be asked anything to give - I don’t have them. Once arrived back - simply restore kdbx and old key from the backup, just as Joanna, as I understand English, did.

What IT projects need is not IT Security professionals only, but mostly Information security professionals.