Logoff of session is, in my view, is not required. Because, in reality there is no session persistence. In vault, all operations are performed are over REST API. Hence, all operations we perform should be accompanied with token. When you finish your work, make sure token is not present in environment variable or home directory.