I'd say you will need a password manager with good auditing. Give them access to all the required passwords but log every access to it. So if someone leaves the company, you know which passwords to change.

Groups and ACLs would help to give "scoped" access to passwords.