In that case I'll need to update my understanding, but this still requires you to do manual configuration for your SSH key - the id_mykey_sk file in your example.
I know this is just a reference, but it's still manual configuration. On a host with an SSH client that can speak PIV [this is a challenge], I can just plug in, enter the PIV PIN code, and go.
Read farther down, you don't need this key, you can delete it if you want. You'll just have to run `ssh-add -K` every session if you do, so your agent reads the key from the device.
> ssh-keygen -t ecdsa-sk -O resident -f ~/.ssh/id_mykey_sk
I know this is just a reference, but it's still manual configuration. On a host with an SSH client that can speak PIV [this is a challenge], I can just plug in, enter the PIV PIN code, and go.