Syncthing works great for this if you have an always on computer. If you don't you can use a server and add it as an untrusted recipient if you have to, though I would not bother since the database is encrypted with your password anyways, and is not vulnerable if you never reuse your db password and there is enough entropy.
And you can use keyfiles that you sneakernet between devices at setup time, so those are never exposed to the syncthing shared folder. I don't think this adds much security since presumably if someone can compromise your syncthing secrets, they could probably grab your keyfile too, but in the event of a syncthing vuln that doesn't lead to other filesystem access, it might help.
