[mnahkies]

I've moved to storing my keys in my password manager, using it as an ssh agent. Means clicking authorize a bit, but also means I'm running a command I'm expecting to use a key then being prompted to authorize (and if it ever prompts unexpectedly I can stop and ask why)

Hardware keys would be better, but I think this is a decent balance or security vs convenience for my needs ATM.

[cosmic_cheese]

The experience is similar with keys in Secure Enclave. When anything tries to access a key I get a Touch ID prompt which makes it difficult for anything to use it without my knowledge.

[perbu]

I have the same and I'm very happy with UX, but less happy about the key leaving the machine.