So of the top of my head you have a few options if you are
Currently the only thing available is the DF and DF2 products. But no one has done much in the way of working with there secure capabilities on this forum at least. I know @NixieGeek has been interested in this space and I am also one day going to look into this.
You also could do something with a NTAG 413 if you can get hold of a unprovisioned spark2? I know @anon3825968 managed to get one, maybe if there is enough interest then @amal might make them more available.
Finally you could hold out for the Apex line. It’s an upcoming line of VK products that utilizes a contactless Java smart card that you can load applications onto for things like signing and token generation.