As I said before, it is advised to use the .env solution since, as you noticed, is much more streamlined.
Now in a Hashicorp Vault approach, you would have a remote Vault server that holds all the secrets needed to build your app. You as well as other employees for example could have access to the same or a different collection of secrets, your access leased for a specific time period, each time you ask for a secret it is logged and all of these may be done without you ever being able to know the actual value of a secret e.g. an API key. The actual secret values are inserted in the code automatically.
So what you would do when you open your laptop to work would be to login a terminal to the remote Vault server with something like
vault auth d08e2bd5-ffb0-440d-6486-b8f650ec8c0c (that is an example token that may be given to you by your manager) and then you can proceed with
ionic build android --release etc…
Now I wouldn’t like to go in more detail, since we are already way off topic. For more info on Hashicorp Vault authentication go here.