I initially went with PTA and Git, since PTA's plaintext format works well with version control. But I also wanted encryption on my local machine, so I created a script to manage encrypted tarballs (using age) of my ledgers, which I then tracked with Git.
That setup didn't last long obviously. I switched to rclone with crypt using cloud storage, but lost versioning in the process. To get around this, I adapted my old backup script to create and sync snapshots as well. It works, but it feels unnecessarily complex. I'm thinking there must be a more straightforward solution out there.
Speaking for myself, it's fairly basic: keep journal as plain text in git on personal laptop with encrypted hard drive; never sync it via the cloud; back up with Time Machine to several rotated encrypted usb drives; remember/keep paper copies of the passwords to unlock these.
This doesn't allow convenient access when away from laptop.
There's old discussion somewhere of folks using git-crypt to encrypt and then syncing via github.
In my setup I have my own git server, so I sync but have control over the endpoint. In the end it depends on what level of security you want/need. The most protected way would be to have it on a machine which is completely disconnected from the internet. The least protected would be to have it in a public github repo. In between there are many possibilities and it will heavily depend on your trust level. For me using git for the versioning is really a very big pro of the PTA approach and I couldn't imagine doing without it.
I set up gitea on a raspberry pi I had sitting around. I sync my repo from my laptop to the rpi. This worked well until my wife got upset about that little box with the red light always being on .
As additional insurance, I also sync the directory (actually my entire Documents folder) to other devices via Syncthing. I sync to an old desktop computer in my parents' home and to my Android phone. I use an app called cone to input data on my phone, and that writes to a file in the git repo directory. With Syncthing, all that data gets saved in multiple physical locations and it all works seamlessly for me.
I use a selfhosted git server, so I can keep private my version control. My selfhosted server (for git and other applications) is backuped daily to one local USB disk and one remote server with borg backup, one very efficient backup solution with encryption support.
Never really thought of this problem until reading this thread but… if I was to worry about this, I see two problems.
How do I access updated versions of my ledger from multiple locations and modify without losing detail?
How do I ensure that the data in my ledger is protected across whatever mechanism allows for (1.)
For (1.) I just use git and Gitlab. This is my current setup. I have multiple private repositories per entity I account for. For ledgers I want backed up, I push it up; for experiments I keep those local.
For (2.) encryption-at-rest solves this. I would use one of OpenSSL's encrypt/decrypt ciphers. Then keep the key in something like Bitwarden or 1Password. This way, what's going on the git cloud is some encrypted blob. This adds to the modify process, which effectively becomes decrypt-modify-encrypt — but the friction at these boundaries can be automated away.
None of my use cases has made me need (2.). I'm curious to know why (2.) is necessary with today's SCM tech.
.