I highly recommend pass.

It’s very easy to just use git to sync, and easy to set up with several different keys, and can be used as a password sharing database in a small devops team.

Since I’m using git to sync, I can easily tell when I’ve last changed any password and optionally keep a history of passwords I’ve used.

It fits well with my life in the terminal, and I use browserpass for Firefox integration.

If you already have gpg set up it’s quite easy to just sync it with git. Then your server only needs to be online when you want to sync.

You can (probably should) use different keys per device, and works wonderfully with Yubikey or other gpg hardware keys if you want extra safety.

The main issue would be thay users can post personally identifiable information themselves.

For example, I can say that my social security number is 1234 and that would be personal data if it was true.

I’m not a lawyer, but i think i remember something that the gpdr rights cannot be just waived.

Since the user can just delete their own posts, it shouldn’t be a problem, but what do I know.