Yubikey
Yubikey is the industry standard hardware token that is able to store private key information on the device, and sign messages without exposing the private key to the operating system
I’ve started using yubikey when I renewed my PGP in PGP key migration march 2025. My ssh serves are configured to only allow connections to the key on the device and my git commits are signed with a PGP signing key, which requires the yubikey. For each of these actions, a pin needs to be entered to unlock the yubikey
Link to original
private keys on hardware devices
To further protect ourselves from malware and infostealers we can move our private (sub)keys onto portable hardware devices such as yubikeys to avoid exposing our private keys as plain text files on our filesystems. An added benefit is that we can then carry our keys with us in person, allowing us to sign and encrypt messages on any device or platform in our vicinity and increase the trust others can put into the authenticity of the key signatures.
Link to original