Yes, very possible. With varying levels of security based on the initial setup. For easy setup you can use any of the recommended open source apps, Electrum/BlueWallet/etc

*Keep in mind you will still want to generate multiple receiving addresses so you do not reuse the same one every time you send sats to your vault.

You can print a bunch of receiving addresses to use in future or for easier access you can generate the vault private key offline, then add the PUBLIC key to BlueWallet or others as a "watch-only" wallet, which can generate new receiver addresses from the public key. However this "watch-only" wallet will not be able to SEND the sats from the vault alone.

For higher security the idea is that you generate your keys OFFLINE, without ever exposing the private key to internet.

DarthCoin guide here for near perfect software-only cold wallet: https://darthcoin.substack.com/p/build-your-hodl-btc-cold-wallet