Using a Token2 based id_ed25519_sk_rk key, I found very helpful to configure a different `pushurl` in `.git/config`. This allows to pull via HTTPS w/o a hardware touch.<p><pre><code> [remote "origin"]
url = https://github.com/freeCodeCamp/devdocs.git
pushurl = git@github.com:freeCodeCamp/devdocs.git</code></pre>
On Apple Silicon devices with macOS 26+, SSH keys can be natively stored in the Secure Enclave, protected via TouchID: <a href="https://news.ycombinator.com/item?id=46025721">https://news.ycombinator.com/item?id=46025721</a><p>It only supports sk-ecdsa-sha2-nistp256 key format, however that is widely supported currently.
Been using ed25519-sk with Yubikey for a few years now. Key is stored in KeepassXC and loaded in my SSH agent upon unlock.<p>It makes my SSH key pretty portable across devices
You can also do something similar with any computer that has a TPM. It's unfortunate that people don't really know about it, but I guess the tools available aren't that user friendly
> It's unfortunate that people don't really know about it, but I guess the tools available aren't that user friendly<p>This is my cue.<p><a href="https://github.com/Foxboron/ssh-tpm-agent" rel="nofollow">https://github.com/Foxboron/ssh-tpm-agent</a>
Filler pr jippo fluffer article aside, anyone tried to self host ubicloud lately? A year and a half ago it was super cumbersome, wondering if I should give it a new try now.
SSH using GPG Yubikeys and git signing using GPG was quite a process to set up on Windows a few years ago. Not something I'd want or know how to repeat. Hopefully things have improved in the mean time.