When importing a vault(1) configuration, derivepassphrase unconditionally overwrites the existing configuration with the imported one.
vault(1) however overwrites the existing configuration section-wise: each named service, and the global configuration if mentioned, is overwritten in whole by the respective imported settings. This means that unmentioned named services (and perhaps the global section) are inherited from before the import. (This should probably be called “merging” instead of “importing”.)
While I find derivepassphrase's current import-without-merge behavior more intuitive than the import-with-merge behavior, vault(1) uses the latter. Therefore, for compatibility with vault(1), implement the latter by default.
When importing a vault(1) configuration,
derivepassphraseunconditionally overwrites the existing configuration with the imported one.vault(1) however overwrites the existing configuration section-wise: each named service, and the global configuration if mentioned, is overwritten in whole by the respective imported settings. This means that unmentioned named services (and perhaps the global section) are inherited from before the import. (This should probably be called “merging” instead of “importing”.)
While I find
derivepassphrase's current import-without-merge behavior more intuitive than the import-with-merge behavior, vault(1) uses the latter. Therefore, for compatibility with vault(1), implement the latter by default.