Marcel brouette

Reputation: 125

Use TPM2 with python to store temporary master key

I have made a password manager in python in the same spirit as lesspass. The principle is simple. The password is generated based on a master key and the name of the service, you can think of something like:

hash(master_key + service_name + pass_version)

This way, the password is never stored anywhere and can be retrieved from several devices because it is generated using the same method.

I really like this way of doing things (no sync, no pwd storage), but I got bored of tapping the master_key every time I need one of my passwords. So I want to add an option to store my master_key or the generated password for a limited time after tapping my master password.

I naturally turned to the TPM which seems to be the most reliable solution for storing secrets, but there are a lot of ways of using it and I got a little bit confused...

My constraints are the following, I want:

My questions:

  1. is there a more secure way to use TPM with my use case?
  2. there are many types of storage, I don't see which one is the most suitable
  3. I tried to use tpm2_pytss but the documentation is a bit lacking for the beginner that I am and I can't find examples that do the same kind of things... So if someone can share an example, I would be more than delighted

Upvotes: 1

Views: 49
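An added sketch, not part of the question and not lesspass's code: the derivation the post describes, combined with time-limited retention of the master key held in process memory rather than in a TPM. The names `derive_password` and `MasterKeyCache`, the PBKDF2 parameters and the 64-character output alphabet are assumptions made for illustration.

```python
import base64
import hashlib
import time

ITERATIONS = 200_000  # assumed work factor, tune for your hardware


def derive_password(master_key, service_name: str, pass_version: int,
                    length: int = 20) -> str:
    """Deterministic per-service password from the post's three inputs."""
    name = service_name.encode("utf-8")
    # Length-prefix the name so ("ab", version) and ("a", "b"+version) style
    # ambiguities of plain concatenation cannot produce the same input.
    salt = len(name).to_bytes(4, "big") + name + pass_version.to_bytes(4, "big")
    # A slow KDF instead of one hash call raises the cost of guessing the
    # master key from a single leaked site password.
    raw = hashlib.pbkdf2_hmac("sha256", master_key, salt, ITERATIONS, dklen=32)
    # URL-safe base64 uses a 64-symbol alphabet, so there is no modulo bias.
    return base64.urlsafe_b64encode(raw)[:length].decode("ascii")


class MasterKeyCache:
    """Holds the master key in a mutable buffer for at most `ttl` seconds."""

    def __init__(self, ttl: float, clock=time.monotonic):
        self._ttl, self._clock = ttl, clock
        self._buf, self._expires = None, 0.0

    def unlock(self, master_key) -> None:
        self.lock()
        self._buf = bytearray(master_key)
        self._expires = self._clock() + self._ttl

    def lock(self) -> None:
        # Best-effort wipe: Python cannot guarantee that no other copy
        # (for example the caller's original bytes object) still exists.
        if self._buf is not None:
            for i in range(len(self._buf)):
                self._buf[i] = 0
            self._buf = None

    def password_for(self, service_name: str, pass_version: int) -> str:
        # Expiry is checked on every use, so a stale key is never served.
        if self._buf is None or self._clock() >= self._expires:
            self.lock()
            raise PermissionError("master key expired; enter it again")
        return derive_password(self._buf, service_name, pass_version)
```

Expiry here is enforced only when `password_for` is called; a key held this way is readable by anything that can read the process's memory, which is the gap a hardware-backed store is meant to close.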

Answers (0)
