WIth KeePass having a few different files for everything just bugs me and I don’t know why.
Is where a way to have the main KeePass file say in the vault and whenever I pullup KeePass on a VM that KeePass is able to grab that password file?
I think what you’re trying to do is have KeePass open in every Qube that you need to use it for, but there is a much better way of doing this that is both more secure and more convenient. You can have one instance of KeePass open in the vault and use the Qubes Global Clipboard to copy information from the vault to the destination Qube to sign into an account, for instance. The default keybinds for the Qubes Clipboard are Ctrl + Shift + C and Ctrl + Shift + V. You can read this article for more information: How to copy and paste text | Qubes OS
1 Like
Hey, thanks for the reply! I have thought about that and initially was doing that but using the integration of keepass and the Firefox extension is rather nice. I just wasn’t even sure if you can link or possibly take one file and “merge” it across multiple VM’s.
Oh so you want several keepass files to sync when you make changes? Perhaps it would be possible with syncthing or whatever but this introduces more risk.
Hi! I’m currently using this workflow and it works well, but I’m trying to reduce the risk of leaving sensitive data in the clipboard.
KeePass has a feature that automatically clears the clipboard after a few seconds, which helps mitigate this risk. However, when copying data between Qubes using the Qubes Global Clipboard, this automatic clearing does not seem to apply in the same way.
Because of that, the clipboard contents may remain available longer than intended after pasting into another qube.
Is there a recommended way to implement a similar behavior in Qubes OS? For example, automatically clearing the global clipboard after a short timeout or triggering a wipe after the paste operation.
I’d appreciate any suggestions or workflows others are using to mitigate this.
Have you tried this
qvm-service --enable VMNAME gui-agent-clipboard-wipe
It looks like that will wipe the qube clipboard automatically after a minute.
1 Like
Isn’t there global clipboard wipe settings in qubes global config?
Yes, there are global clipboard configurations.
However, there isn’t a specific “clipboard wipe timer” setting exposed in the global config. Clipboard behavior is mainly controlled through the qrexec policy for qubes.ClipboardPaste.
The default policy looks like this:
# THIS IS AN AUTOMATICALLY GENERATED POLICY FILE.
# Any changes made manually may be overwritten by Qubes Configuration Tools.
qubes.ClipboardPaste * @adminvm @anyvm ask
qubes.ClipboardPaste * @anyvm @anyvm ask
If someone wanted different behavior (for example stricter control or automation), it could potentially be implemented through a custom qrexec policy, although I’m not completely sure how a timed clipboard wipe would be implemented at the policy level.