@whoami
Exposing multiple qrexec services from the same AppVM is not a best practice for security anything!
Each one of those qrexec services introduces a new avenue for the keepass database file or other secrets to be exfiltrated from the AppVM or for the AppVM to be otherwise compromised.
For split-ssh, the qrexec service qubes.SshAgent has absolutely no business being in the same qube as a person’s GPG keys. Anyone putting their split-gpg and split-ssh secrets in the same qube is doing so purely for the convenience of their own backups or their own resource management and not as a best practice for security!
What level of CVE on openssh does one need to witness to understand the benefit of keeping ssh identity agents fully isolated not just for their own safety, but also for the safety of everything else, and in this case, of the keepass database file?
If this thread is only about best practice, I would advise, don’t mix and match any qrexec services for split-* stuff like that on a qube containing a keepass database file one cares about.
The reasoning for lovingly creating separate TemplateVMs (regardless of if they are minimal-derived) is ultimately similar as both seek to isolate the AppVM from complicated interests that the AppVM doesn’t need to risk being conflated with, and that’s the only thing that helps secure anyone’s secrets more here.