Currently we can use Bitwarden either hosted or self-hosted, which solves most of these problems (plus my own extra rig I built to generate OAuth tokens, for people which support that).

Could you elaborate on what challenges you face that can't be solved by the Bitwarden approach?