[positr0n]

What about encrypting your pem file with AES (using 7zip on a Windows or OpenSSL on *nix) and then backing it up to the cloud?

[cpucycling]

If you keep one key per device, you can revoke it if/when that device is compromised, stolen, etc..

That key is for initial access to provision your machine, after which you should have a more sophisticated means of managing users, as certainly, if you are doing anything of much importance, you will eventually need at least 2.

[danesparza]

And your IV and key for the AES encryption ... are you going to back that up to the cloud too? :-)