Add a keypair to yubikey slot 82
step kms create yubikey:slot-id=82
Verify you can create an attestation certificate
step kms attest yubikey:slot-id=82
Get your cert
step ca certificate --attestation-uri yubikey:slot-id=82 YOUR-SERIAL-NUMBER attest.crt
sudo apt install libengine-pkcs11-openssl and ykcs11
export PKCS11_MODULE_PATH=/usr/lib/x86_64-linux-gnu/libykcs11.so
curl --cert attest.cert --key "pkcs11:object=Private key for Retired Key 1" --cacert root_ca.crt https://$K8S_API:6443/api/v1/namespaces