Sovereign Stack has a number of features that require certain cryptographic operations. Where it makes sense, it makes sense to use a Trezor-T. This could be useful for things like file encryption using GPG and perhaps SSH for login to remote VMs. This can be achieved by mounting the USB device into the management machine
Make a post somewhere about Trezor-T integration.
- Encrypt sensitive information on the management machine using Trezor-generated GPG certificates. Use in conjunction with
- Logging into remote VMs using SSH.
- Encrypting user data on remote VMs (e.g., encrypted backups) using GPG.
- Future plans will be to integrate a hardware wallet (e.g., Trezor) to unlock the encrypted LUKS partition on your bare metal management machine in a manner similar to the Librem Key.