Encryption

Storing passwords in the database, is the encryption logic correct and secure?

The client needs a system for storing passwords for different projects, and each password can have one access for different users (this is a necessary, undeniable condition).
In case of theft of the database or project files, the encryption key should not be exposed anywhere.
What if:
We encrypt passwords with one master key.
Each user of the system has its own key, which is used to encrypt the master. Accordingly, each user enters his personal key to access the final password -> the system decrypts the master -> decrypts the password -> issues it to the user of the system. All this is hung with the logic of access rights at the system level.
Point out the flaws in the logic, I'm a layman in data protection)
With this approach, I see a problem if you store the personal key in the session