Secure Enclave SSH Keys on macOS 26

Secretive has been the go-to app for storing SSH keys in the Secure Enclave — keeping private key material inside the chip, protected by Touch ID, never exposed to the OS. macOS 26 makes it unnecessary: the same protection is now built in via sc_auth and /usr/lib/ssh-keychain.dylib.

See Native Secure Enclave SSH Keys — the macOS guide for the full setup, or the quick gist for the short version. Apple’s documentation on Protecting keys with the Secure Enclave covers the underlying API.