Yubikey is the industry standard hardware token that is able to store private key information on the device, and sign messages without exposing the private key to the operating system
I’ve started using yubikey when I renewed my PGP in PGP key migration march 2025. My ssh serves are configured to only allow connections to the key on the device and my git commits are signed with a pgp signing key, which requires the yubikey. For each of these actions, a pin needs to be entered to unlock the yubikey