You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
freedomofpress/securedrop-workstation#533 implements an approach to permit copy & paste and log export via tagged VMs. This is intended to help us gain insights during the pilot about what changes to the default VM configuration and RPC policies may be ultimately desirable.
Because no VMs have the sd-send-clipboard, sd-receive-clipboard or sd-receive-logs tags by default, we need to document our initial recommendations for the use of these tags. For now, my thinking is:
Add a recommendation to the install docs to add sd-send-clipboard to the existing vault VM if and only if the organization intends to use KeePassX in vault to store SecureDrop login credentials.
Add a recommendation to the install docs to add sd-receive-logs to work (or another similar VM) so that it can be used for sharing selected logs, after inspection and redaction in sd-log.
Add a section to the Admin Guide "Managing clipboard access" that goes into further detail about the use of the clipboard, the security risks (including opsec), and the process for whitelisting access for select VMs.
Update the FAQ entry about clipboard access accordingly.
The text was updated successfully, but these errors were encountered:
freedomofpress/securedrop-workstation#533 implements an approach to permit copy & paste and log export via tagged VMs. This is intended to help us gain insights during the pilot about what changes to the default VM configuration and RPC policies may be ultimately desirable.
Because no VMs have the
sd-send-clipboard,sd-receive-clipboardorsd-receive-logstags by default, we need to document our initial recommendations for the use of these tags. For now, my thinking is:sd-send-clipboardto the existingvaultVM if and only if the organization intends to use KeePassX invaultto store SecureDrop login credentials.sd-receive-logstowork(or another similar VM) so that it can be used for sharing selected logs, after inspection and redaction insd-log.The text was updated successfully, but these errors were encountered: