diff --git a/.bashrc b/.bashrc
index d8f6822..3a858f4 100644
--- a/.bashrc
+++ b/.bashrc
@@ -70,7 +70,17 @@ if [ -x /usr/bin/dircolors ]; then
 fi
 
 # handle key management through `keychain` because its great
+## first set up gpg agent
+[ -f ~/.gpg-agent-info ] && source ~/.gpg-agent-info
+if [ -S "${GPG_AGENT_INFO%%:*}" ]; then
+   export GPG_AGENT_INFO
+else
+   eval $( gpg-agent --daemon --write-env-file ~/.gpg-agent-info )
+fi
+
+## then configure keychain
 eval $(keychain --eval --quiet ~/.ssh/{awful-git,github,digitalocean,home-net})
+eval $(keychain --gpg2 --agents gpg)
 
 # host specific configurations:
 if [ "$HOSTNAME" = "nixon" ]; then
diff --git a/.emacs.d/jlj-secrets2.gpg b/.emacs.d/jlj-secrets2.gpg
index b9e1afe..842bb44 100644
Binary files a/.emacs.d/jlj-secrets2.gpg and b/.emacs.d/jlj-secrets2.gpg differ
diff --git a/.gnupg/gpg-agent.conf b/.gnupg/gpg-agent.conf
new file mode 100644
index 0000000..2b4a488
--- /dev/null
+++ b/.gnupg/gpg-agent.conf
@@ -0,0 +1,6 @@
+default-cache-ttl 31536000
+max-cache-ttl 31536000
+log-file /var/log/gpg-agent
+debug-level basic
+pinentry-program /run/current-system/sw/bin/pinentry
+use-agent