Although I totally support limiting authentication options to asymmetric cryptography, it looks like I cannot extract my secret (private) key (identity).
Windows security offers a choice of storing the key onto local machine (TPM enclave), mobile device (via QR/Bluetooth), hardware FIDO2 key. I do not have the latter to test but the second option does not work because Palantir platform rejects it in the end with “type of passkey does not meet enrollment security requirements”.
As a result, my access is locked to a single PC: neither could I work with AIP from my MacBook, nor would I be able to restore access if the PC is lost or stolen.
How could I access my identity (secret key), please?