Good job for doing something. It all boils down to what you are comfortable with, adding security will always add a certain level of inconvenience. Ideally the next step would be to fully automate what you have.

Elaborate does not mean secure, often it's the opposite as adding complexity adds new ways of failure.

If you are talking about this SOPS https://github.com/getsops/sops it doesn't change much you need to store the master key somewhere. It makes it easier to operate, but your trust boundary does not move.

You cannot sell active data without explicit consent but what if data that has been "deleted" accidentally gets shared with a 3rd party 🙈

Smells like desperately trying to save on storage costs.