Protections such as hardware security modules (HSM), trusted platform modules (TPM), and trusted execution environments (TEE) can provide strong protection for cryptographic keys but are complex to implement and can become vulnerable if the attacker owns the execution environment.
