i dont know who needs to hear this

but

you can create a Veracrypt volume on some removable media (USB or flash card) and put it *inside a dummy volume.

ie, its clear there's Veracrypt in the media but there are TWO passwords to access it.

one for the dummy volume

one for the real one

so if forced to reveal your PW you can plausibly reveal the dummy one.

while keeping the REAL secret safe.

but it gets better

you can then install a VM from an .iso INSIDE the secret volume and boot it with KVM.

you are then running a customizable computing environment that lives completely inside a secret encrypted volume you can put in your pocket 😎