I think this is a great approach provided it fits your threat model of course. This is pretty much what I have done and what I am still doing.