Ive been using pass-qubes with SecBrowser.
https://github.com/kulinacs/pass-qubes
It is possible to use the same vault for multiple AppVMs. I have that configured now for my SecBrowser. For example, i can add just my email password to my Thunderbird (only) AppVM. Then set environment QUBES_GPG_DOMAIN=my-vault.
Next I could add my whonix forum password in separate AppVM with environment QUBES_GPG_DOMAIN=my-vault set in that as well.
Also possible to add the password-store to an dvm template (AppVM with pref template_for_dispvms=true).