I assume that the threat that you are trying to mitigate is the threat of someone (e.g. the cloud service provider or an attacker) that has gained access to the encrypted file being able to decrypt the file. AES256 is the strongest encryption that we have at the moment. Nearly all modern secure protocols (e.g. TLS, Signal, SSH, OpenVPN, etc.) rely on AES at their core. So, you’ll want to use AES.
Then, the strength of the key is vital. You can derive a key from a password using a key derivation function. But, any key derived from a password will at most be as strong as a random key generated by a CSPRNG. So, you might want to simply use a CSPRNG to create a random 256-bit key.