Cloud provider or self-hosted for key-storage?
I was reading this question: Where do you store your personal private GPG key?
I have my set up as noted in this comment: Where do you store your personal private GPG key?
But instead of using a cloud provider I use my own, self hosted cloud-like syncing service.
I notice some downsides right away:
- my keys are still only as good as my password protecting my key container
- the uptime and service guarantee of my sync is only as good as I can provide it (no high-availability for example, as of right now. But it hasn't failed me (yet)).
But the major question I'm asking myself, since reading that everyone seems to be putting their keys in some form (QR code, container, encrypted, split in various parts, etc.) on some cloud provider:
Should I be using a cloud provider or my own self-hosted service?
Benefits are clear for self-hosted:
- Only indirect access by anyone vs cloud provider might be able to access my files without problems
- My own little server somewhere on the web is less likely to be focus-targeted by malicious actions than a cloud provider
The downsides are:
- My self-hosted might certainly lack behind on updates from time to time (like when I'm busy with a hard week at work and I'm lacking on installing potentially important security updates)
- I cannot provide the same activity-/request-/any monitoring as a large provider can to notice when malicious actions happen and take action
So what do you say? Put my key-store on a cloud provider (some AWS, Google Drive, OneDrive, Host it in a private github, etc.)? Or keep it on my self-hosted?
