I think there is an easier way to implement it and cover a wide variety of needs. And I myself would love it! Let us assume everyone has his own master vault (i.e. the one you are using just right now). Imagine you just add a new type of password entry ("enpass-vault") where you define: the name of the embedded vault the file_name of the vault file the master password for this embedded vault define read-only or read-write behavior setup synchronization