It's NIP-46 remote signing. So you put your actual key on an encrypted server and then sign in "remotely" in apps that support it.

Keycast is built with teams (aka multiple people using the same key) in mind. So you can create multiple "authorizations" that have specific permissions and give those authorizations out to multiple people so that they can use the key in different clients. You can also revoke the authorizations at any time.