Using rclone to backup to B2: backup-dir vs B2's lifecycles

This is not asking for rclone help as I know how to do what I want. I am just thinking through my options.

I am setting up a new server and I want to backup the entire thing to B2. I see two approaches:

  1. Use --backup-dir with dated directories
  2. Use B2's Lifecycle rules to keep revisions

There are pros and cons to both. I am kind of just thinking "out-loud" and want to see if I am missing anything.

Backup Dir:

  • Pros: Backend-agnostic. Same procedure I use elsewhere. Easy to mount and see the backups. Better for moved files if I choose to track them. More easy to prune. Can use filename encryption if desired
  • Cons: Requires extra API calls. Requires an API key that allows deletion

And for Life Cycle rules, it is basically the opposite:

  • Pros: Can have an API key that disallows deletion. Fewer API calls
  • Cons: Cannot use filename encryption, Harder to browse and decipher. Specific to B2 and therefore also harder to migrate

Am I missing other pros and cons? I don't really mind the API calls of --backup-dir. I also do plan to do crypt but I can forgo name encryption.

Really, the biggest benefit to using the Life Cycle is that if there is a server intrusion, even if my config is compromised, a bad actor can't delete my backups (if they are on my system, it doesn't matter that they can decrypt my backup).

Any other thoughts?