Having used Tink, I can't stand it.

I'd love to just replace it with age for all use encryption use cases, but unfortunately age doesn't do AEAD without involving a password.