Thanks Michael.
I backup my entire vault directory periodically with no special attention to the masterkey.cryptomator and similar files (I have a small vault).
I see here it says “The .bkup file is a backup of your masterkey file. It’s created after every successful unlock.”
My vault directory includes several older masterkey.cryptomator.xxxxxx.bkup files including prior to my last password change. To my thinking, they represent a vulnerability to accessing the vault using the older password (which had less entropy). I realize there may also be cloud copies of older versions of those masterkey and backup files, but I’d still rather not have those older versions stored right there with the data if they are not serving any useful purpose.
To me, the logical approach would be delete all but the most recent (by timestamp) .bkup file since the older ones don’t add any value as long as I have the most recent .bkup. Does that sound reasonable to you?