We've been using Team Password Manager for the last two years and have been very happy with it. Self-hosted, very affordable, and includes audit logs as you mentioned.
We're currently trying out teampasswordmanager.com and it's a local install accessible via a web interface, supports 2FA via Google Authenticator, and access can be controlled at the "project" or group level. Also can authenticate via LDAP.
You might want to check out Team Password Manager:
https://teampasswordmanager.com
You can store your passwords divided in different projects and machines. You also can create tags for your passwords.
The only thing is the point with documentation. You might be able to get this working with tpm if you use the custom fields or the note field. I'm not sure if it works out, tho.
You can give it a shot for free. (The trial is like a month, but you can probably extend it if you reach out to the support. They are very kind!)
Only downside is, it's a bit costly. I can't recall the prices right now, but they are listed on their page.
Kind regards! :)
EDIT: I forgot to mention that you can manage users and give them access to projects and / or passwords.
One thing I would suggest is not to use any cloud version of password managers for your small or large businesses.
We've been using https://teampasswordmanager.com/ in our environment for the past 4+ years and it has been pretty good and solid. We are using and hosting this inside of our prod environment and not relying on any cloud-based providers like LastPass. We maintain the server ourselves with a purchased license with support.
If you want to go with a free version, I would recommend Bitwarden as well.
Please do your own research for your needs, put them up for testing, and get opinions from the users who are going to be using it.
For day to day stuff, aka myself to remember, I'm running an instance of team password manager on my server. It's free for personal use, and as opposed to all the online password managers, you don't end up as collateral damage if one of those gets hacked.
I've got each account & password in there, and for crypto, in addition, the private key in the comment field.
With added 2 factor authentication it's as safe as it gets. Plus it's running on some obscure subdomain on a domain nobody knows to begin with, so the risk of someone even finding the access panel is very low to begin with.
Let me jump in from the side at this point - I also host my Nextcloud at all-inkl, and at the same time the team password manager on its own subdomain. That way the risk of ending up as "collateral damage" in a hack of Lastpass & Co. is considerably lower, the data on the server is fully encrypted, and 2FA is also possible via the google authenticator app.
They also offer a free license for home use, though it is well hidden: https://teampasswordmanager.com/faq/free-version-limitations/
I have stored and categorized all my passwords there.
I don't maintain a 'real' digital estate, but putting the master password in a sealed envelope in the emergency folder and changing it regularly would be a workable approach. When using 2FA, just make sure that your wife also gets the authentication onto her phone - in the past I achieved this by using Titanium Backup to push a 1:1 clone of the Authenticator, including all data, to a second phone. As far as I know that requires root, though - since I can't work without it, I didn't even look for other solutions.
Team Password Manager isn't free or open source, but it's self hosted, has an Android app (not sure about iOS), and supports sharing passwords, so it meets all of your criteria. I left this product for Bitwarden about a year ago.
Self-hosted version of team password manager. Free for personal use (up to 2 users).
See https://teampasswordmanager.com/faq/free-version-limitations/
Requires webspace with PHP and mySQL somewhere, but comes with the benefit that you won't be 'collateral damage' when any of the main cloud password services are breached.
Someone would find out your domain and subdomain first, which can be any random obscure stuff.
Supports 2FA via google authenticator as well, been using it for years without issues.
We will be shopping for a new one soon. Currently we are using https://teampasswordmanager.com/. I hate it. We originally got it because it was cheap.
For personal stuff I use bitwarden and love it. When it's time to evaluate for the company, bitwarden and lastpass will probably be my top two choices, but it will ultimately depend on the business requirements.