tldr: my backup script, set variables at the beginning.
For the last year, my backup process has been dead simple:
compress the important directories with tar.
encrypt the resulting archive with enchive.
put the encrypted archive on the s3 bucket using s3cmd.
The main part of the process is the enchive utility, of course.
I used to be a big fan of the encpipe encryption tool, and used it for years. But the problem is: you have to enter the pass-phrase interactively, or pass it as an $ENV variable, which is far from secure.
On the other hand, enchive handles it in a wonderful way: it uses asymmetric cryptography, so you can store only the public key on the servers, without fear of leaking it.
Moreover, you can derive the key pair using your own seed (aka pass-phrase).
Thus, you don't even have to store the private key anywhere and you don't have to deal with key backups: you can simply generate the same pair, using the same pass-phrase right from your head, on demand, on any machine.
This feature makes enchive a brilliant tool to back up important data, like a password manager database or git repositories.
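
The three steps above as one script, written here as an added example and not the author's own script: it streams tar into enchive so only the public key is needed on the server. The key path, bucket name and work directory are assumed placeholder values.

```shell
#!/bin/sh
# Added example (not the author's script): tar -> enchive -> s3cmd.
# PUBKEY, BUCKET and WORKDIR are placeholder values; set them for your host.
set -eu
# Make a tar failure fail the whole pipeline where the shell supports it.
(set -o pipefail) 2>/dev/null && set -o pipefail

PUBKEY="${PUBKEY:-${HOME:-/root}/.config/enchive/enchive.pub}"  # public key only
BUCKET="${BUCKET:-s3://example-backup-bucket}"                  # placeholder
WORKDIR="${WORKDIR:-/var/tmp}"

# encrypt_dirs OUTFILE DIR...
# Streams tar straight into enchive, so no plaintext archive touches the disk.
encrypt_dirs() {
    out=$1; shift
    ( umask 077
      tar -czf - "$@" | enchive --pubkey "$PUBKEY" archive > "$out.part" )
    [ -s "$out.part" ] || { echo "empty archive, aborting" >&2; return 1; }
    mv "$out.part" "$out"
}

# upload FILE: copy the encrypted archive to the bucket under its own name.
upload() {
    s3cmd put "$1" "$BUCKET/$(basename "$1")"
}

# run_backup DIR...: preflight checks, encrypt, upload, clean up.
run_backup() {
    for tool in tar enchive s3cmd; do
        command -v "$tool" >/dev/null || { echo "$tool not found" >&2; return 1; }
    done
    [ -r "$PUBKEY" ] || { echo "cannot read public key $PUBKEY" >&2; return 1; }
    tmpdir=$(mktemp -d "$WORKDIR/backup.XXXXXX")
    trap 'rm -rf "$tmpdir"' EXIT
    archive="$tmpdir/backup-$(date -u +%Y%m%dT%H%M%SZ).tar.gz.enchive"
    encrypt_dirs "$archive" "$@"
    upload "$archive"
}

# Usage: ./backup.sh /etc /srv/git
if [ "$#" -gt 0 ]; then
    run_backup "$@"
fi
```

Restoring is done on a trusted machine with `enchive extract`, which needs the secret key; nothing stored on the server can decrypt the uploads.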