Our examples use private keys stored in password-encrypted key files. A public key can either be retrieved from a decrypted private key file, or kept separately in an unencrypted form.
An alternative to this would be to use Windows private key storage. This makes it possible, for example, to generate and store a private key that cannot be exported from the key storage.
However, Windows private key storage is somewhat complicated to work if the private keys are not associated with X.509 certificates. X.509 certificates are seldom used with SSH, but using dummy certificates (that would essentially only serve as a metadata for SSH keys) might actually be a suitable approach. If you are interested in this, please let us know.