Passkey support arrived in KeePassXC https://github.com/keepassxreboot/keepassxc/issues/1870
Just last week so it’s not in any distributions yet, but a binary can be found here: https://snapshot.keepassxc.org/build-235575/
I haven’t tried it yet because I haven’t been using passkeys because it wasn’t implemented in KeePassXC but now that it is I will try on some page which implements it. Just need to figure out who implements it. I think none of the Fediverse services does yet.
Would this be susceptible to a MitM attack intercepting the decrypted secret?
No, because it’s a public private key pair, you have the private key and the server has the public key. So you end up sending the secret back encrypted as well. I just used that as an explainer. It’s not actually how that works.