red369 22 days ago

Can I ask questions about your setup? I don't intend to grill you on it or pick it apart - I would like to go down this route further, but find myself gradually moving away from it. I switched from Keepass to Bitwarden in 2020, knowing it was just a move towards convenience.

I suppose you realised you could protect against the scenario where you run outside without any devices, by just having a copy of the encrypted data sent to some cloud service, e.g. iCloud/OneDrive/Google Drive, but decided you couldn't trust any?

I know everyone's threat models are different, but I'm still curious to know your thoughts. There's no one you would trust with an encrypted copy?

Do you have any automated backup of your phone to a cloud service, or only local? If a cloud service, do you make sure it excludes your password manager? If no cloud backup, then do you make sure you have a copy of your data outside the house?

I have incomplete thoughts about the robustness of my password/OTP code backups. It is the 2-factor codes, which one day in the distant future, when I am overseas holding a new replacement for a lost phone, looking at the text "Enter the 6‑digit verification code", I will wish I'd thought about more carefully.

IG_Semmelweiss 20 days ago

>>> by just having a copy of the encrypted data sent to some cloud service, e.g. iCloud/OneDrive/Google Drive, but decided you couldn't trust any?

False sense of security. As proven countless times in these forums, a ban on 1 product or 1 account on Google is a ban on all of Google for that device and linked devices. I don't think you have factored in this risk. Or that commercial products get discontinued all the time. Open source (syncthing) doesn't have that issue. And we haven't touched billing yet.

>>> There's no one you would trust with an encrypted copy?

Doing password backups is particularly tricky. Commercial vendors are robust and depend on local circumstances. They do have changes in ownership which do change security priorities. It's a bit of a moving target whether they can be trusted or not. For non-password needs, the answer is much simpler: No. They will sell data, at a minimum.

>>> Do you have any automated backup of your phone to a cloud service, or only local?

Only local. I have 1 device parked in a relative's house that gets updated every time I am there. That's my remote backup. It's not a daily backup, but I can live with that.

>>> I am overseas holding a new replacement for a lost phone, looking at the text "Enter the 6‑digit verification code", I will wish I'd thought about more carefully.

This is, indeed, the most important thing you must resolve. How urgently do you need access to X? Maybe you should solve for that separately. Everything else is much simpler and done.

kreyenborgi 21 days ago

For myself, I keep an encrypted USB disk with rsynced backups at my parent's place. Office drawer is another popular option. Another drive at home. Swap them every so often.