Alternatively you could use a combination of AES and RSA similar how pghoard implements it: https://github.com/ohmu/pghoard

The RSA keys (or path to them) would be passed as environment variables. It would be a little easier to setup than gpg (especially for automatic backup restoration).

I have to be selective about maintenance of features. I'll consider GPG support.

Please consider libsodium or a similar "modern" crypto library instead. There's a lot of ugly 90s crypto in GPG and the API is terrible. Libsodium makes it hard for non-crypto devs to shoot themselves in the foot, and is much less code to write.