Vanishing Secrets: Auto-Wipe Your Clipboard on Qubes OS

By Max December 1, 2025
One command in your Qubes template installs `xsel` and creates an autostart service that wipes your clipboard 30 seconds after you copy anything. Works on Debian, Fedora, and Whonix minimal templates.
Vanishing Secrets: Auto-Wipe Your Clipboard on Qubes OS

When you copy a password, it sits in your clipboard until you copy something else or restart. That’s a problem. Any application running in your AppVM can read it. Clipboard managers might log it. And you’ll probably forget it’s there.

The solution is simple: automatically wipe the clipboard 30 seconds after any copy operation.

The One-Liner

Run this in your template VM (in the template directly), then shut it down and restart your AppVMs.

Debian 13 / Whonix 17:

sudo apt install xsel -y && sudo tee /etc/xdg/autostart/clipboard-wipe.desktop << 'EOF'
[Desktop Entry]
Type=Application
Name=Clipboard Auto-Wipe
Exec=/bin/bash -c 'while true; do prev=""; curr=$(xsel -ob 2>/dev/null); while [ "$curr" = "$prev" ]; do sleep 1; curr=$(xsel -ob 2>/dev/null); done; prev="$curr"; sleep 30; [ "$(xsel -ob 2>/dev/null)" = "$prev" ] && xsel -cp && xsel -cs && xsel -cb; done'
Hidden=false
NoDisplay=true
X-GNOME-Autostart-enabled=true
EOF

Fedora 42:

sudo dnf install xsel -y && sudo tee /etc/xdg/autostart/clipboard-wipe.desktop << 'EOF'
[Desktop Entry]
Type=Application
Name=Clipboard Auto-Wipe
Exec=/bin/bash -c 'while true; do prev=""; curr=$(xsel -ob 2>/dev/null); while [ "$curr" = "$prev" ]; do sleep 1; curr=$(xsel -ob 2>/dev/null); done; prev="$curr"; sleep 30; [ "$(xsel -ob 2>/dev/null)" = "$prev" ] && xsel -cp && xsel -cs && xsel -cb; done'
Hidden=false
NoDisplay=true
X-GNOME-Autostart-enabled=true
EOF

That’s it. Every AppVM based on that template now auto-wipes its clipboard.

How it works

The script runs a background loop that:

  1. Polls the clipboard every second, detects when new content appears, and waits 30 seconds
  2. Verifies the content is unchanged (protects against wiping a fresh copy you made within the window)
  3. Clears all X11 selections: PRIMARY (mouse highlight), SECONDARY, and CLIPBOARD (Ctrl+C/V)

Why the built-in wipe falls short

Qubes does have qvm-service --enable VMNAME gui-agent-clipboard-wipe, but it triggers 1 minute after your last paste operation. Copy a password and skip the paste step, and it stays in the clipboard indefinitely.

This approach wipes 30 seconds after the copy, whether or not you paste.

Qubes’ two clipboards

Qubes has two separate clipboard systems:

  • Inter-VM clipboard (Ctrl+Shift+C/V): Handled by dom0, auto-wipes after paste
  • Local AppVM clipboard (Ctrl+C/V): Standard X11, persists until cleared

The script above handles the local clipboard. The inter-VM clipboard already takes care of itself.

Security limitations

Defense in depth, with real limits:

  • The clipboard is still readable for 30 seconds
  • X11 “clearing” doesn’t cryptographically erase memory
  • Clipboard managers may keep history

For high-sensitivity operations, consider password managers with auto-type that bypass the clipboard entirely.

austrian-economics freedom-tech qubes-os opsec privacy open-source clipboard

Loading comments…