I changed my mind.
Instead here’s a photo of Joanna’s computer and how she uses Qubes and VMs to secure her passwords and private keys. Each box is a VM and the arrows are how they’re connected.
As you can see in the blackbox, it is a VM, not connected to anything, and it holds her private keys. When decrypting anything, you can just send the text or message to the blackbox, to decrypt it.
As for password managers, on my blackbox, I have KeyPass’ per identity of mine. The key to unlock each KeyPass however, is not stored on the computer.
I use PasswordSafe, on an old android device, that is not able to connect to the internet, to store my keys to each KeyPass identity.
Might be “overkill”, but it’s better become lazy and relaxed with a system that’s over the top than one that’s anything less.