I don’t use GPG in anyway except: gpg -c to encrypt a .tar.gz archive that contains data that I backup on the cloud (and use gpg -d file.tar.gz | tar xz to decrypt.) I use a strong passphrase for that, that is stored in a kdbx file (that has all of my passwords (but I have another kdbx file for 2FAs for online accounts)) which I save its passphrase in my brain.
I use restic. I basically encrypt its repository (which is a directory) as mentioned above, then upload the encrypted archive to a cloud storage so in case of losing local ones I don’t lose everything.
My question is: Would using Split GPG be useful here? Honestly, Split GPG seems complicated to me, but also seems a very great feature, so I don’t want to miss it if I should use it.
A dedicated not-networked very-minimal AppVM is made only for restic.
A dedicated not-networked very-minimal AppVM is made only for GPG.
A dedicated not-networked very-minimal AppVM is made only for storing.
Three AppVMs with their dedicated templates cloned from debian-12-micro which is itself cloned from debian-12-minimal and then had been more minified as per this guide, then only restic is installed in one, only GPG in the second, and nothing in the third.
What I currently do is: moving what’s in the storing-only AppVM (which has my data that I would like to backup, unencrypted) to restic AppVM, then use restic to create the backup, then move the backup from restic AppVM to GPG AppVM to encrypt it there, then move the encrypted backup to the place that I would then upload the backup using it.