Q1. What is the problem that you are trying to solve?
Trying to separate vault of password belong to one user.
As a user, I would like one of my passphrases to only unlock a subset of the passwords.
For example, these needed for Android, where typing a password isn’t safe, would be in a subaccount so that if this password is compromised only this subset is.
Q2 - Who is impacted?
Any user having desire/need for containerizing its set of passwords based on password-sensitivity and/or devices-vulnerability.
Q3 - Why is it important and/or urgent?
It’s useful to people having mixed use of different devices of different security level while having many password of different important.
It also reduce the impact of a successful attack.
Q4 - What is your proposed solution? (optional)
The most obvious solution already exist: Use different accounts and share passwords accordingly.
But this imply completely different keys.
I think GPG subkeys would be interesting here since there is some common surface and concept.
The “master” key would unlock the whole set as it does current, but passphrase-protected encryption subkeys would unlock a restricted set (the sharing logic would be similar).
So that there is a clear and nice one-way hierarchy between keys is reflected between datastores.
Example: Gmail & Firefox sync password are shared with Android. Credit-card number is not.
I initialize a passphase-protected subkey and share with it the password for Gmail & Firefox.
On Android I never use master’s passphrase but only the subkey.
Result : Credit-card number is safe from attackers keylogging the Android device.