On Mac machines with the secure enclave, it's possible to generate and store keys directly in the enclave, such that it's inaccessible. This is pretty handy and also seems kinda secure. To facilitate this, I install [Secretive](https://github.com/maxgoedjen/secretive). Using it is as simple as getting the cask (I do this with my nix configuration) and then opening the app, then generating a key. The UI nicely presents you with the public keys, so you can copy them. It's that easy.