I think there is an easier way to implement it and cover a wide variety of needs. And I myself would love it!
Let us assume everyone has his own master vault (i.e. the one you are using just right now).
Imagine you just add a new type of password entry ("enpass-vault") where you define:
the name of the embedded vault
the file_name of the vault file
the master password for this embedded vault
define read-only or read-write behavior
setup synchronization for (i.e. different dropbox account)
Now the enpass app will at its start scan the main vault for these "enpass-vault" entries for available embedded vaults and will make them available/searchable for the user.
When the user wants to store a new password, it will be stored into the main vault by default unless the user specifies any of the embedded read-write vaults to store it in.
In this way, it is solely on the user's decision what kind of embedded vault he/she wants to have (team vault, external company vault, wife's vault, family vault etc.)...