Metadata can be backed up on HW 1 which is the only card allowed to generate transactions and addresses. However, in the event that HW 1 is lost or destroyed, this data will be lost and any addresses that do not contain onchain activity have the potential to be reused.
My thoughts on this are to have a two pronged system of redundancy.
Backup metadata in an encrypted tarball that lives on the internal disc of primary and secondary machines.
Share a backup of metadata whenever a user exports a PSBT and back it up on the various HWs used to sign the PSBT.
Metadata can be backed up on HW 1 which is the only card allowed to generate transactions and addresses. However, in the event that HW 1 is lost or destroyed, this data will be lost and any addresses that do not contain onchain activity have the potential to be reused.
My thoughts on this are to have a two pronged system of redundancy.
Backup metadata in an encrypted tarball that lives on the internal disc of primary and secondary machines.
Share a backup of metadata whenever a user exports a PSBT and back it up on the various HWs used to sign the PSBT.