Nice article. Furthermore, man can easily "retrieve" the password from vault expression if he has access to encrypted files and and keystore. Using Vault is better than doing nothing.