Central secrets portal implementation #9729
Labels
C: core
P: default
Priority: default. Default priority for new issues, to be replaced given sufficient information.
security
This issue pertains to the security of Qubes OS.
Comments
DemiMarie
added
the
P: default
andrewdavidwong
added
C: core
security
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The problem you're addressing (if any)
Qubes OS relies on in-VM implementations of the secrets portal. These cannot interact with e.g. the lock screen, and may change when the user changes templates. Also, having a separate secrets service for each VM is less than great.
The solution you'd like
Have a centrally-managed secret service that also implements the portal interface. The secret service will track data across VM renames and backups, and will be independent of whatever the VM chooses.
The value to a user and who that user might be
All users will benefit from better UX. For instance, redundant “Do you want to create this keyring?” prompts will be eliminated.
Completion criteria checklist
No response
The text was updated successfully, but these errors were encountered: