You're asking exactly the right question here. What's needed is some key management app similar to but not the same as iOS keychain or Android/Google Password Manager (that stores keys not just passwords).

This app would grant indirect fine-grained access to keys to other apps subject to users' choice. Indirect because it will perform cryptographic operations on the client app's behalf instead of directly revealing the key.