@tdk@fosstodon.org thanks for the hint!
I looked briefly at it.
I moved away from password-store, because of the missing integration to browsers and because I wanted to start using gpg.
I already have to keep an eye on my key I use to sign the boot environment of my notebook and to decrypt the key for my cryptfs.
Furthermore I love the fact that I can read, understand and change #pass and #tomb as they are shell scripts using utilities I know already and that are used on nearly every *nix system.
I furthermore like the idea of syncing via a self-hosted gitea.
For this solution I can always fall back to using the command line if something goes wrong.
I'm of forced to use any gui.
Beside carrying an openpgp card my LibremKey (Nitrokey) does check the boot environment via heads and TPM showing a green led if everything seems o.k. and I use it for totp wherever I configured to use 2fa.
A lot would work with a yubikey also, but not the boot checking of my notebook.