I've not used it with Vault (I don't know much about Vault) nor in a group, but it basically is a tool for managing a bunch of gpg-encrypted files in a given directory tree, and it uses git for version control and database distribution / synchronisation, and allows for encrypting for multiple GPG recipients. See man page [1], the FILES section especially.
Haven't done it myself, but I would probably have a git post-receive hook trigger a service (jenkins?) to pull down and decrypt the secret repo and update vault
[1] https://www.passwordstore.org/