I am not necessarily recommending this, but presenting it as an option. I use a VeraCrypt (nee TrueCrypt) archive with a plaintext file in it. This has advantages (simplicity, security through obscurity) and disadvantages (no auto-form-filling, which is a good protection against phishing[1]). It's worked for me for well over a decade.

[1] https://jacob.hoffman-andrews.com/README/2017/01/15/how-not-...