Ok… but someone is building a password manager (in JS) on nostr, today? Where you expect those secrets to stay safe, and you can rotate your master PW?
Maybe I missed something and this is not a full fledged PWM.
Discussion
I'm not a dev, but I imagine those secrets to be kept in sharded, ecrypted files split between relays. As for your master PW (I assume PrivKey) you would most likely have a different set of secrets (account credentials) for different privkeys. The L2 solution would be to bind all your PrivKeys together in one account that has some kind of key rotation scheme behind it.