100% agree. I would add that the data repository for the password manager should be in cold storage too.

For instance, I use KeePassXC and the password database is only available when actually retrieving sensitive info.

Also I use the Keybase KV feature (online vault) for easy access to sensitive info. I've developed web app for automated access to the KV feature. DM me if interested it is an OS neutral solution.