Hi @Foxy,
Some encryption is better than none, but encryption in storage only considers one part of data security.
You’ll also want to use the AES Encrypt (Advanced) module so that your private key doesn’t get stored in plaintext.
An AES 256-bit key can be expressed as a 64-character hexadecimal string (containing A-F 0-9).
As for picking between CBC vs GCM, here’s a Crypto.SE Q&A that answers the question: encryption - What is the difference between CBC and GCM mode? - Cryptography Stack Exchange
If you choose CBC, you’ll need to also store the Initialization Vector, and if you choose GCM, you’ll need to also store the Authentication Tag, alongside the encrypted data.