[auxym]

I use Keepass(XC) across all my devices, windows, Linux and android.

I sync the DB with Nextcloud and encrypt with a combination of password and keyfile. The keyfile is a few KB of /dev/random and I only transfer it "offline" between devices (mostly over USB to/from my phone).

[aborsy]

I could suggest a small improvement: a diceware password instead of directly taking the output of /dev/urandom. That would allow you to easily and securely exchange the symmetric key by typing it.

Also, /dev/urandom instead of /dev/random (as seed to diceware).

[acidburnNSA]

Oooh smart. Yeah moving my keyfile when I get a new phone or device every few years via a USB cable hasn't been much of a hassle, but your plan is even better.