I want to use the CLI on my headless server to manage certain API keys. I don't want all of my vaults be accessible and exposed there, so I would like to exclude all other vaults. This is currently not possible. I thought of another way: sharing my vault and creating a separate proton account that is running on the server. This is however not an option, since I would have to pay for this second account as well, since proton does not offer CLI to free users.

Please make it possible in the CLI to only access certain vaults for a session, requiring a re-authentication/login if additional vaults should be accessible. I think this could all be done on the login page in the browser when doing "pass-cli login", just a simple list to select which vaults should be allowed.