Truly Portable Encrypted File Access

I'm setting up a USB drive with a password manager, for my wife to use in the event of my death. I considered using a bootable linux setup, but I've seen enough hardware compatibility issues that I'm not confident leaving my wife with potential technical problems. And even if no hardware problems, I don't want her to have to figure out how to boot an external drive as it varies on each system. So I decided to try a windows portable app setup. We may have a computer for her to use, but not guaranteed, so I'd like for her to be able to use someone's computer with the portable app USB drive. It would probably be owned by someone we know, rather than something public at an internet cafe, which reduces the threat somewhat, but I would still like to be considerate of the owner and not make any changes to their system.

I have the main function working well: a portable browser, portable keepassxc with a database on the drive, and the keepassxc browser extension already installed. It's setup to start the browser and open the keepassxc database on launch, and it connects the password database to the browser extension, so it's ready for her to enter the keepassxc password and navigate to web sites where keepassxc will provide the passwords.

However, there's one additional piece I'd like to setup. I'd like to create a document (could be html or pdf) with account numbers and explanations that should be kept secure, so stored encrypted on the drive and only accessed by the portable apps on the drive. I've tried two methods, but both have issues that I'd like to avoid, so I'm asking for ideas on other apps or methods I could try. Here's what I've tried so far and what issues I've encountered.

1) Store the document as an attachment in a keepassxc entry. The problem with this is that the portable keepassxc app will only open the document in the default browser or default pdf app, which will be the browser/app installed on the host machine, not the portable browser/app on the USB drive. I'd rather not change the default apps on the owner's machine, and letting it open the document in an installed app is something I'd like to avoid as well.

This would work if there was a way to get keepassxc to point to the portable browser instead of just using the default app on the local machine, but I don't think that's possible. One idea that I haven't tried is to use the keepassxc command line app with the "attachment-export" option to store the file on the USB drive, or send it to stdout. Maybe a batch file could be setup and run from the portableapps launcher to do this, but if storing as a file, there would need to be a way to securely delete it after reading so it doesn't remain in plaintext on the drive. Keepassxc does this automatically when opening an attachment from the gui. But it first stores the file in plain text on the host machine, and opens it using the default browser, before wiping. I would still prefer that the document stay on the USB drive. Alternatively, maybe the stdout export option could be used to pipe the document into the browser, but I'm not sure if a temporary file would be stored on the host machine in that case. Also, I'd like to keep this simple and automated so my wife doesn't need much technical knowledge to use it. Anyone get something like this to work in an automated way?

2) Store the document in an encrypted container using veracrypt portable. As the veracrypt installation notes say, it is not truly portable because drivers need to be installed on the host machine to allow on the fly encryption, and it requires admin rights. Would rather not ask anyone to allow admin rights so that drivers can be installed.

Anyone know of a way to do this that doesn't involve any of the following?

Opening the file in an app installed on the host machine
Installing anything or leaving anything behind on the host machine
Requiring admin rights
Changing the default browser