A vault is where high-sensitivity material lives with tighter expectations. Think credentials, intimate letters, or anything you would not leave on a kitchen table.
Encryption protects data at rest and in transit; your rules protect data at access — who is allowed, when, and why.
Least privilege
Grant the minimum access each role needs. You can widen later; unwinding an over-share is harder.