You can do stuff with gssapi / kerberos. Or, if you consider that 2FA, you can use client certificates in addition to passwords. Interactive 2FA probably imo doesn't make that much sense for a database.
The "team secret sharing problem" usually refers to "how do we manage all the API and backend secrets we need to deploy and test a new instance, without having everyone shlepping them around on their dev laptops, and without ending up in a mode were the loss of one server equates to the loss of every instance in the environment."
The "team secret sharing problem" usually refers to "how do we manage all the API and backend secrets we need to deploy and test a new instance, without having everyone shlepping them around on their dev laptops, and without ending up in a mode were the loss of one server equates to the loss of every instance in the environment."