That’s a lot of places where your master password can get stolen.
Only red scenarios seem to be a real threat to me. What other scenarios from the list (or your own) do you see when the master password is stolen?
Not a comment on your system:
I see you mentioned pirated Cellebrite. I was kind of hoping they have some online checks to see whether the user is legitimate, but I guess pirated copies do exist. I hope a typical thief wouldn’t think or even know about such a thing.
Typical thief likely not. A radioelectronics marketplace to which it’s sold – maybe? I have no clue how common it is there.
Looks good. Probably best to remove the email address and other forms of identification from the envelope with paper, so that a thief can’t figure out easily what the passwords are for.
I wonder if tiny mirrored hard drives are the best way to store sensitive information long-term. From what I read, hard drives are more durable than SSDs, and it seems that the larger the volume, the more prone to breakage the drive is. (edit - I mean for cold storage specifically)
EDIT2:
If you want to be super extra safe, you could also back up the git repo or a binary for the decryptors you mentioned. These projects could also cease to exist and you could have a hard time finding an alternative (highly unlikely, but not impossible). Also best to periodically test if they still work.
I frequently think of this as well. I am starting to consider M-Discs which are supposed to last for 1000 years. Obviously untested because we didn’t have M-Disc in the dark ages. But it could be an option especially when considering possible Carrington events.
If a thief burgled your temporary house they’d have your password and 2FA recovery and you’d have no clue. Even without context, there’s a good chance they could manage to credential-stuff it, if this burglar also happens to have some basic hacking knowledge.
Envelope unsealed or stolen – would mean they saw info.
Yes, I realize this. But what’s the better alternative? You still need to put it on paper to protect yourself from forgetting it (incl. amnesia, being unconscious in a hospital).
Towards the end of the Lawyer, Passport, Locksmith, Gun talk given by Deviant Ollam a few years ago he goes over some options for password control and account access in the case of emergencies. You could look at implementing some of the options he goes over.
Did I understand correctly that you are trying to use Bitwarden alongside KeePass?
No, I’ll use KeePassXC to migrate the vault from Bitwarden if Bitwarden suddenly ceases to exist. My vault is not backed up to KeePass in any other case.
I think it would be better to just use KeePassXC right away. But is it too much?
Instead of BW or just as another backup source?
If 1st – I’m fine with BW, I want it to be cloud-based.
2nd – if I already use BW on PC, I guess backing up to KeePass makes sense as it doesn’t add additional risks?
But I don’t use a desktop/browser password manager. I’m paranoid about PC security as it’s more likely to get malware. So instead, when I need to log in to something on the PC, I copy the needed password from the mobile app to a cloud notes app, paste it on the PC and delete it from notes. If the PC is compromised – it’ll likely compromise this specific password and then I know the PC is not safe anymore.
Not ideal, agree. But at least I don’t lose the master password to a keylogger, as I would if I had a password manager installed on the PC.
Exactly
Buy YubiKeys and use them to secure your BW and all supported accounts.
I hear YubiKey advice a lot. But I can’t grasp what the exact benefits are security-wise for my setup?
Your account only logs in successfully if you physically press a button when prompted. It’s a significant hurdle to bypass: one would have to find out the location of the target, go (or send someone) to the target’s physical location, and successfully steal the correct YubiKey.
I just don’t understand what red scenarios become yellow/green with a YubiKey. Or yellow become green.
Hmmmmm, I’m not sure, but maybe this may be of relevance: for my system, I have a YubiKey that has biometric authentication. If someone steals that YubiKey, then they also will need to slice off my hand to use it. This essentially makes basic theft of this key a non-issue for me, which is the max of my threat model.