Qubes is for security and security may be to protect valuable items from attack.
What happens under the threat of a weapon? The risk of such an attack is increasing every year and I have already been menaced with a weapon in the past, but fortunately not in relation to a computer.
So, a group is pointing a gun to you and wants your money, so you give them the cash you have available, but they see your computer and they want you to transfer money to their account. So you resist a bit, but obviously you are willing to transfer some money, because you do not want to be killed.
But if there is a way to stop the transaction after they are gone, then they’ll kill you just to avoid that.
The only way I know for an irrevocable transaction is Bitcoin. So you keep a reasonable amount in Bitcoin in a separate account just for that. But they are looking at your screen while you are typing, so you do not want they see the workspace where you keep your open Vault with passwords directed at bank accounts. You know that if they find them they may torture and kill you, as already happened to a friend of a friend.
So you need a simple hotkey to hide or to kill the Vault VM, avoiding the possibility they can notice your maneuver. Is there a way to set up something like that?
It’s probably a good idea in general not to have vault running the entire time anyway, especially with an unlocked secrets database.
May I suggest to create another vault-like qube, e.g. passwords, where you create another database with the less important secrets (so e.g. excluding bank account passwords) and leave that open instead if you must leave something like that open.
Other than that, you can bind a keyboard shortcut to qvm-kill.
That seems a very good idea, many thanks. Most of the password are actually totally uninteresting for any gun bearing attacker and can be kept open all the time.
I imagine that will work only when the screen is focused on the Dom0 terminal or Qubes-manager or something connected with dom0
Many thanks
No, I think you’re confusing it with qvm-xkill, which requires clicking on a window of the qube whose GUI you want to kill.
The command qvm-kill is used with an argument designating the qube to be killed (ungracefully shut down), e.g. qvm-kill vault. Note that this may corrupt any data of open applications, including secrets databases of apps such as KeePass.
You weigh your options and decide for yourself. You can prepare for counter-custody situations by learning about improvised weapons or compliance with the attacker(s), among other choices.