▲ | jolmg 3 days ago | |
> As a company password manager, there is no way to know who's accessed which secret across their lifetime at the firm so you get to change all the passwords constantly.

You can set up different directories to use different keys, and you don't need to limit yourself to a single key for each password either. You can use multiple. So you can set up structures like:

- admins/.gpg-id "admin\n"
- techs/.gpg-id "admin\ntech\n"

where admin and tech are 2 keys for different groups of people, admin having more access. Or even better:

- site_foo/.gpg-id "bob\nalice\n"
- site_bar/.gpg-id "bob\nrobert\n"

where each employee has their own key. So you can fine-tune which passwords need changing if an employee leaves, and which passwords an individual employee needs to be able to access. You can set up git submodules to control which passwords which employees can know to exist. And given that git is being used, you can know which passwords an individual employee ever had access to, were their access to change over time.
▲ | lucb1e 2 days ago | parent [-] | |
"Having access to" is not the same as having opened it, though. A server could log which files were retrieved without knowing what the contents are. By having such audit logging, we could see that we e.g. don't need to call the alarm company to change the phone password. Most people don't work in the office outside of business hours and so never need to call them, but since it's the only way of proving you're an employee if you accidentally set off the alarm, we give everyone access to that password. There's at least a dozen examples like that.
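The .gpg-id layouts jolmg describes, and lucb1e's everyone-can-read alarm-phone password, as an added example that is not code from the thread or from pass itself: it walks a constructed store the way pass resolves recipients (nearest .gpg-id up the tree, one key id per line) and computes, per key holder, which passwords would need rotating if they left. The directory names and key ids are constructed sample data.

```python
"""Audit a pass(1) store's .gpg-id structure: who can read what, and what to
rotate when a key holder leaves. Added example, not code from the thread or
from pass; layout and key names are constructed sample data."""
import tempfile
from pathlib import Path

# Constructed layout: jolmg's groups/sites, plus an alarm-phone password that
# every key holder can decrypt (lucb1e's example). Bodies stand in for ciphertext.
SAMPLE_STORE = {
    ".gpg-id": "admin\ntech\nbob\nalice\nrobert\n", "alarm-phone.gpg": "",
    "admins/.gpg-id": "admin\n", "admins/root.gpg": "",
    "techs/.gpg-id": "admin\ntech\n", "techs/wifi.gpg": "",
    "site_foo/.gpg-id": "bob\nalice\n", "site_foo/db.gpg": "",
    "site_bar/.gpg-id": "bob\nrobert\n", "site_bar/ftp.gpg": "",
}

def build_store(root: Path, layout: dict = SAMPLE_STORE) -> Path:
    for rel, content in layout.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(content)
    return root

def recipients_for(root: Path, entry: Path) -> set:
    """pass semantics: the nearest .gpg-id up the tree (one key id per line) applies."""
    for d in [entry.parent, *entry.parent.parents]:
        gpg_id = d / ".gpg-id"
        if gpg_id.is_file():
            return {line.strip() for line in gpg_id.read_text().splitlines() if line.strip()}
        if d == root:
            break
    raise ValueError(f"no .gpg-id covers {entry}")

def access_matrix(root: Path) -> dict:
    """Every password (store-relative name) -> sorted key ids that can decrypt it."""
    return {e.relative_to(root).with_suffix("").as_posix(): sorted(recipients_for(root, e))
            for e in sorted(root.rglob("*.gpg"))}

def rotation_list(root: Path, departing_key: str) -> list:
    """Only passwords encrypted to the departing key need changing."""
    return sorted(n for n, keys in access_matrix(root).items() if departing_key in keys)

def audit_sample() -> dict:
    """Build the sample store in a temp dir; return the matrix and per-key rotation lists."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_store(Path(tmp))
        matrix = access_matrix(root)
        keys = sorted({k for ks in matrix.values() for k in ks})
        return {"matrix": matrix, "rotate": {k: rotation_list(root, k) for k in keys}}
```

Calling `audit_sample()["rotate"]` on the constructed layout shows alice leaving only forces rotation of `alarm-phone` and `site_foo/db`, while the per-file access log lucb1e asks for would narrow that further to what she actually opened.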