Vault Domain Purpose? (Noob)

Hi all! Before I start I just wanted to say that all replies are GREATLY appreciated. I am very familiar with the general idea of what I’m doing, but I am semi-new to Qubes as an OS in general, so please forgive my noobiness. After looking through lots of amazing documentation on the Qubes website I did become a bit confused and thought I’d reach out to ask instead. The only thing I’m kind of confused about is what the purposes and uses of a “Vault” domain would be by default. I can understand personal, work and untrusted by default, but I guess I don’t understand what a vault would be used for by default. I also realized in the settings for the vault domain that networking is disabled by default. I’m assuming this means the vault’s role is more to store files that don’t need to interact with the internet, therefore keeping those files more secure? All in all this confuses me; can anyone potentially elaborate so I can understand the potential uses of why I would use the vault domain? As stated above, all replies are greatly appreciated. Thank you so much! :sweat_smile:

We had a very similar question in the German part of the forum a few days ago (together with the question of what exactly the word “Vault” stands for).
My answer was a bit extended, but I guess it fits what the Qubes staff think the Vault VM should be…

In 2013, when Ed Snowden decided to bring his collections of secret material to the right people/journalists who should work with it in future days, he was carrying four different laptops on his journey to Hong Kong.
One of the devices was a so-called air-gap device, which means this device had never seen an internet connection or been connected to the www before, nor would it be in the future.
You can actually set up such a device by removing all network/Bluetooth/etc. adapters just after you have bought it in the shop.

All files/stuff which find their way into the device will be copied via USB devices, and you always have to take care that everything you bring into the device isn’t compromised in any way - you even have to do OS updates that way, if you think your device needs them or something similar.
Most of the people who are using such an air-gap device probably don’t care about OS updates and leave the device in the state it was in on the day they bought it. What else should happen, if you have no internet connection and nothing will compromise the system (except your own mistakes)?

Such devices are a good idea when you’re a journalist who’s working on some secure and sensitive stuff which shouldn’t fall into the wrong people’s hands. Everything you’re doing or working on, you do by yourself and on this special device only. Nothing comes in - nothing gets out. You’re viewing the material and removing the metadata, so nobody can track this all back to the initial source, and also no strange power will take control of your device by setting up a backdoor (or something similar) from the internet.
All that strangers can do is try to get the device into their hands and so take control of it. So you have to take care of this only…

The Vault qube is a result of all this. It’s an air-gap qube, which hasn’t any physical connection to the internet, and all the updates it gets come in via a special proxy connection through the Qubes updaterVM, for vault’s templateVM only. In other words: the qube itself will never come in contact with the www or any parts of it…
It’s very much like that air-gap laptop Snowden took with him to Hong Kong in 2013.

2 Likes

You have the right idea. Offline files are relatively more safe from attacks on your networked qubes. But it’s more than that.

The vault domain constitutes a unique trust level. It’s the second most trusted domain next to dom0. But just because it’s “air-gapped” doesn’t make it safe. Ultimately, the level of trust depends on how you use it. For example, you can create network-isolated qubes that are not trusted. For example, a disposable qube that has no network might be used to work on certain kinds of untrusted files. You would never store sensitive files in such a domain. Or you might have two versions of “vault” to store files - one as a general archive (relatively less trusted due to more attack surface) and one that only stores keys and other high value docs. It’s all about compartmentalizing different activities and data. Vault is mostly just a default example to get you thinking in those terms.

2 Likes