From a81a5902a5780c21ed57aa92f6c5eefc4413ee05 Mon Sep 17 00:00:00 2001
From: addisonbeck <github@addisonbeck.com>
Date: Tue, 5 May 2026 13:38:30 -0400
Subject: [PATCH] docs: restore hardware key callout to top-level SSH signing
 tip

On #672 we moved the sk-backed key recommendation out of the main tip and
into a nested step. Add it back at the top level so hardware keys remain
visibly ranked as the highest-security option.
---
 docs/contributing/commit-signing.mdx | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/contributing/commit-signing.mdx b/docs/contributing/commit-signing.mdx
index 98770222c..1ca6e98ec 100644
--- a/docs/contributing/commit-signing.mdx
+++ b/docs/contributing/commit-signing.mdx
@@ -27,7 +27,9 @@ GitHub supports [commit signing][github-verification] with SSH, GPG, and S/MIME.
 
 If you're unsure what to use, <strong>we recommend you create a commit signing key using SSH per
 latest security best practices </strong> (see the
-[PGP problem](https://www.latacora.com/blog/2019/07/16/the-pgp-problem/) for more details).
+[PGP problem](https://www.latacora.com/blog/2019/07/16/the-pgp-problem/) for more details). For
+maximum security, consider using a [hardware-backed SSH key](#hardware-backed-ssh-key-configuration)
+(YubiKey or other FIDO2 device) as your signing key.
 
 :::