Passkey is some sort of specific unique key to a device allowing to use a pin on a device instead of the password. But which won’t work on another device.
Now I don’t know if that key can be stolen or not, or if it’s really more secure or not, as people have really unsecure pins.
Vaultwarden, a FOSS Bitwarden server compatible with upstream clients, is able to store TOTP, and when self hosted, you are the watchmen.
Yeah, this is fine. It’s closed source, opaque cloud solutions that people should be wary of.