[Firehawke]

My experience is that the initial setup with gpg-agent is a massive pain, especially on Windows+WSL2 setups, but once you get it working it's great.

Well, except when gpg-agent dies out of nowhere and you have to restart it..

It's still better security even if it doesn't go quite as smoothly as I'd hope.

A tip to anyone else here who wants to do this: You want gpg-agent, and you absolutely need to use a newer build of OpenSSH than the one that ships with Windows 10 currently. Remove that and go find the official distribution on GitHub or Chcoolatey so you have a version that supports that key type. Then you also need to make sure to set up the environment variable GIT_SSH to point to that version of OpenSSH or else Git for Windows will try to use its own older build and then you will spend a week trying to figure out how to make it work.