Vaultwarden is impressive. Years of work without issue. It supports Yubikey now.
Eventually, I ended up using Pass though, since I prefer terminal. Pass doesn’t have any database to break: it’s just gpg and git. With Yubikey, every password needs a touch.
Yes, phishing is a concern, but is addressed by the same Yubikey. Most websites that matter support it.
There is a CLI, but like KeepassXC I’m not sure it’s per password. All passwords seem to be encrypted with the same master key. Note that since the encryption is symmetric, for encryption you still need to expose the master key.
For sharing, I use diceware passphrases (with few words quickly typed in iOS keychain). With autocomplete it’s quick.
There is a good mobile app for Pass though (I don’t use it). I try to separate the systems, and not to share as much as possible. Otherwise, Vaultwarden would quickly sync, and is reliable.
Pass with Yubikey is more secure than other password managers in my opinion: You decrypt the password for a site and other passwords are not exposed. With other password managers, the whole vault has to be decrypted.
Eventually, I ended up using Pass though, since I prefer terminal. Pass doesn’t have any database to break: it’s just gpg and git. With Yubikey, every password needs a touch.