I wish I had known about this site when I was writing [1]. If we use warranties as our expected lifecycle, this lets me drop down from $5 per TB-year of storage down to almost $2 per TB-year. What immense savings compared to the cloud!
Doing a self-audit like this is actually an amazing idea. I consider and re-consider my choices every once in a while, but sitting down and doing an end-to-end write-up would put me a lot more at ease.
Like you, I also considered the implications of mixing TOTP into KeePass, but eventually landed on going all-in on the one database. It does mean raising the bar for keeping it secure, but it was already very high to begin with.
One thing I have considered is combining this all-in-one approach with an additional keyfile, which I could then share OOB to devices, effectively adding a second factor. I like the idea of using a YubiKey or similar, but the fear of locking myself out is too great.
I don't get it -- AWS Deep Archive is $12/TB/yr and provides actual durability and connectivity, not just drive-in-a-shoebox. That seems pretty hard to beat by buying raw storage at retail.
AWS connectivity is stupidly expensive in the outgoing direction, so that connectivity may or may not be worth much of anything. Connectivity is also a risk.
Overall, Glacier is only really suited for backups, and I don't need that much durability for a single backup. And even if durability is a big deal, I can get there cheaper. Especially using a realistic expected life cycle and not the warranty period.
[1]: https://andrew-quinn.me/digital-resiliency-2025/#postscript-...