The Synology DSM supports creating encrypted file shares and I want to use this for backups as these can contain personal files. Initial setup seems pretty flexible as you can create a share with encryption or enable encryption on an existing share and you can use key files or pass phrases and there's a feature called a Key Manager with good documentation for DSM for all of these.
My setup is to use a removable device as a key store.
It starts with setting up the Key Manager from the Control Panel under Shared Folders. From here you initialize the Key Manager and pick the USB device (otherwise internal) and set a passphrase for the Key Manager.
Then start creating shared folders that use encryption and you can pick the key manager. This also lets you pick if you want encrypted folders to be enabled automatically on boot which would require leaving your external key manager device connected.
After that, you need to keep copies of your key store and keys somewhere safe in case you lose key store device.
Once all setup you can start using that file share and it is pretty much seamless. In Windows I removed the old file history backup target and re-added the new encrypted share. On the Synology I removed the cloud backup targets, moving the files to the new location, and re-adding the cloud targets using the new location.
Stay safe 🔐