Private Documents - One DMG or many?

This is more of a theoretical question, I suppose, but I’ll be using DropDMG for whatever solution I go with…

I keep almost all of my computing life on Dropbox. I’m aware of the many problems with Dropbox, but so far I haven’t found a great solution.

While I generally don’t find myself overly concerned with the security of my files, there are some files that I definitely want to protect from ever being accessible to anyone else (tax returns, legal documents, etc).

To me, this seems like the perfect case for an encrypted DMG.

I can store the DMG on Dropbox, so I know it’s always available on more than just my computer (I have multiple backups, including off-site), and not worry about someone somehow getting ahold of it.

My question really boils down to this: Is there any reason to prefer making a bunch of small DMGs vs one “meta” DMG for all of these kinds of documents?

My reasoning is that there are not many of these files, I don’t add to this collection of files all that often, they don’t change that often, and they aren’t that big. So it seems like putting them all inside one DMG (with sub-folders, etc for organization) would be the way to go. That also means just one password to worry about (although I use 1Password so that’s not really much of a concern anyway).

I could make separate DMGs, of course: one for “2020 Taxes” and one for “Drivers’ License Scans” etc.… but it seems like a lot of extra overhead and work.

I guess my main concern is that if something happens to this one DMG (I’m thinking more like data corruption than it being accidentally deleted) then all of my proverbial eggs are in one basket… but with backups, that shouldn’t be too big of an issue, assuming that I realize it in time.

Thoughts?

Yep, you can do this with the New Blank Disk Image… command. I recommend using the Sparse Bundle format rather than DMG because it will not require uploading the entire disk image each time you modify it.

I think you’ve accurately identified the tradeoffs. I would generally recommend a single disk image for convenience. If you’re concerned about corruption you’ll at least want backups, and perhaps a way to automatically detect corruption (e.g. putting the files in an EagleFiler library that can be verified or using IntegrityChecker). At that point, there’s not much more risk to putting all your eggs in one basket because you have backups of the whole basket, and it’s certainly more convenient to verify the contents of a single disk image than multiple.

When you might want to use multiple disk images:

• If you want them to have different passphrases.

• For large amounts of data, depending on fragmentation, modifying a sparse bundle may touch multiple bands and cause more data to need syncing and backing up than what you actually modified.

• If some files are never touched, you could put them on a separate disk image. This would never be modified, so syncing would be more efficient and there would be less risk for those files to be corrupted. And if you use a read-only disk image, the disk image itself will store a checksum that can be verified using DropDMG.