I don't know about best practise but it integrates closely with Git. I store the encrypted passwords in a remote git repository. That means if someone else had the same GPG key and the password for that key, they could simply clone the repo and obtain the passwords. Equally they could add passwords and push them to the repo.
So that seems like a reasonable way for people to share them. However, I only use it for myself so I may not have thought of all the gotchas.
So that seems like a reasonable way for people to share them. However, I only use it for myself so I may not have thought of all the gotchas.