I have found a workaround for this scenario mentioned above. Enpass, youre not going to like this though.
The only way to not have the master password opening the secondary vault is to simply delete the secondary vault when not in use then when i need it, resync it.
This is THE ONLY way that full security can be achived in enpass because in order to open the secondary vault :
1. i would need to enter the master passrd first
2. Then, enter the cloud storage password to access the DB
3. Then, i would need to unlock the secondary vault with the super strong password
So you see, the only way i can use Enpass securely is to not use it at all!!!
Come on people, surely you can see the madness in this?
mat