ssh-vault is not properly designed for group/broadcast encryption, so this approach may not be the best one depending on your security requirements.
An approach for sharing a vault across a team would be:
Have each group member own a public/private key pair.
Make a new group key pair and send it to each member within a vault.
ssh-keygen -t rsa -b 4096 -C "[email protected]"
Send the key pair to each member in a secure way:
cat group_keys | ssh-vault -u alice create vault.ssh
cat group_keys | ssh-vault -u bob create vault.ssh
...
To add a group member, send them the key pair in a vault:
cat /group/keys | ssh-vault -u newb create vault.ssh
To remove a group member, a new group key pair K needs to be created and resent to the remaining group members.
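The removal step, as an added example that is not part of the ssh-vault project: a POSIX shell function that generates a fresh group key pair and creates one vault per remaining member. The function name, the `vault-<member>.ssh` file naming, the `group-key` comment and the `SSH_VAULT`/`SSH_KEYGEN` override variables are assumptions made for this sketch; only `ssh-vault -u <user> create <file>` and the `ssh-keygen` options come from the commands above or from OpenSSH.

```shell
#!/bin/sh
# Added example: rotate the group key pair after a member is removed.
# Assumption: members are names that `ssh-vault -u` can resolve to a public key.
# SSH_VAULT and SSH_KEYGEN are hypothetical overrides so the commands can be stubbed.
SSH_VAULT="${SSH_VAULT:-ssh-vault}"
SSH_KEYGEN="${SSH_KEYGEN:-ssh-keygen}"

# Usage: rotate_group_key OUTDIR REMOVED_MEMBER MEMBER...
# Prints the number of vaults written; returns non-zero on any failure.
rotate_group_key() (
    outdir=$1
    removed=$2
    shift 2
    umask 077                         # key material readable by the owner only
    mkdir -p "$outdir" || exit 1
    work=$(mktemp -d) || exit 1
    status=0
    count=0
    # New group key pair. The empty passphrase (-N "") is an assumption: the
    # private key is protected by each member's vault, not by a passphrase.
    if ! "$SSH_KEYGEN" -q -t rsa -b 4096 -N "" -C "group-key" -f "$work/group_key"; then
        status=1
    fi
    for member in "$@"; do
        [ "$status" -eq 0 ] || break
        # The removed member never receives the new pair.
        [ "$member" = "$removed" ] && continue
        # One vault per recipient, each in its own file.
        if cat "$work/group_key" "$work/group_key.pub" |
            "$SSH_VAULT" -u "$member" create "$outdir/vault-$member.ssh"; then
            count=$((count + 1))
        else
            status=1
        fi
    done
    rm -rf "$work"                    # drop the plaintext copy of the new pair
    [ "$status" -eq 0 ] && echo "$count"
    exit "$status"
)

# Example call (constructed names): rotate_group_key ./out bob alice bob carol
```

The removed member still holds the old group private key, so anything that key can still decrypt has to be re-encrypted to the new group key or retired.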