What is a good way to transfer a bunch of data from qube to another

Say there are two qubes:

  1. db_qube [no internet access] and
  2. disp-xx [with internet],

where the disp-xx is a disposable qube, and db_qube has a bunch of data/config files for different identities - like different .ovpn config files, login credentials for a bunch of websites, temporary wallet seed phrases etc. [just a random example - dont get distracted & attack storing seed phrases]. Let’s say there are 100s of these identities so its not practical to make a separate qube for each identity, and there’s a lot of these data per identify to be copy+pasting through global clipboard would be cumbersome/ prone to missing something.

Whats the best/safest way to enter something like a identity ID in disp-xx and fetch all the data from db_qube? I was thinking I’d write a simple REST server on db_qube, allow only local connections, and fetch it from the disp-xx qube, and use shell scripts to set a bunch of stuff.

But is there an easier way, and in the method above, are there any glaring security issues I’m introducing?

A qrexec RPC script? disp-xx would be able to run a pre-defined command on the db_qube and get the result.

2 Likes

Thank you ! This seems to be close to what I was looking for.

On skimming the docs, there’s some cautionary note on ways that setting this up might compromise Qubes security.

If you have enough experience with this framework, would you be able to point out a rough workflow? something like the db_qube should start the disp VMs and push the values with some kind of one-way only communication?