Are multiple FIDO2 credentials an option for your ssh use case? You might need to store the stub file online so that you could import it on a new workstation.
Also for encryption, FIDO2 could be an option using age and binding it to the token. This would allow for unlimited identities that require the token to be present for decryption. But you also need to store the identity files.