From this thread, I understand that export doesn’t respect the --session operator by design for security reasons.
However, as I understand it, if the export is being made to encrypted JSON the master password would be needed to decrypt the export. So, could the CLI be permitted to use --session to pass the session key to the export command as long as --format is specified as encrypted_json?
That way the resulting local file is apparently not necessarily any less secure than by requiring the master password to be reentered before the export command is run, correct?
Allowing export to receive the session key in this way and in this limited scope would simplify automated vault backups. And it looks like this would obviate the need to take an inadvisable step like dumping the session key to .bashrc in order to achieve the same kind of result.
Thank you so much for your thoughts about and consideration of this suggestion.