I am really impressed by Bitwarden by the way: much better than LastPass, and as convenient as Chrome password manager once the Chrome extension and Android app are installed.
The integration of TOTP to each account is a great improvement.
I have not been able to use my U2F USB key to secure the access to Bitwarden at this stage. Not sure why. The key does not seem to be detected by the browser even though it works well on other websites.
The 2FA authentication with Authenticator/Authy works very well though.
Regarding the env variables, I myself am using a config fully centralized on Portainer: I create app templates on GitHub that are called by Portainer to create the stack.
For obvious safety reasons, some critical parameters are set as variables defined within Portainer.
example:
Works like a charm, but I am also considering using the config and secrets mechanism of Docker through Portainer.