hmm, interesting question. should be. Windows Hello generates RSA keypairs I think.
Can you just use those as SSH keys ? The OS will take care of securing them in TPM if available.
If you wanted to use conventional file-based keypairs and secure the "passphrase" instead, maybe use the Hello private key to encrypt the passphrase into the credential store ? I am not up-to-date on whether there's a newer more secure way to store credentials, but seems like forcing a Windows Hello action to decrypt the data in the store should be sufficient.
I could be missing something though. Otherwise you'd think there'd be a solution from Microsoft already.
If you wanted to use conventional file-based keypairs and secure the "passphrase" instead, maybe use the Hello private key to encrypt the passphrase into the credential store ? I am not up-to-date on whether there's a newer more secure way to store credentials, but seems like forcing a Windows Hello action to decrypt the data in the store should be sufficient.
I could be missing something though. Otherwise you'd think there'd be a solution from Microsoft already.