I would suggest using any cloud storage provider with a third party client, that automatically encrypts your files before uploading them, ensuring the cloud provider does not have any kind of access to your keys.
I personally use gocryptfs then mirror that to B2, but IIRC rclone and some other third party alternatives have built-in pre-upload encryption options that are easier to setup and use