diff --git a/configs/cloud.nix b/configs/cloud.nix index e8302ca..8242e59 100644 --- a/configs/cloud.nix +++ b/configs/cloud.nix @@ -18,6 +18,7 @@ in { ]; services.gnome.gnome-keyring.enable = true; + security.pam.services.lightdm.enableGnomeKeyring = true; home-manager.users.me = { services.nextcloud-client = { diff --git a/configs/ssh.nix b/configs/ssh.nix index aab8768..dbe1871 100644 --- a/configs/ssh.nix +++ b/configs/ssh.nix 
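Review bot: The PAM hook added for lightdm starts and unlocks gnome-keyring-daemon at login, but configs/ssh.nix in this same commit launches the daemon again from `xsession.profileExtra` with `--daemonize`. `--start` is the flag intended for initialising a daemon that PAM has already started, so that profile line would more safely read `gnome-keyring-daemon --start --components=ssh,secrets`. With `--daemonize` the session may end up attached to a second, still-locked instance, though the diff alone cannot confirm this. A comment above the new line would record the trade-off, for example `# unlock the login keyring with the lightdm password; stored secrets and saved SSH key passphrases are then usable for the whole session`. The hook covers lightdm only, so any other login path presumably leaves the keyring locked.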
@@ -4,33 +4,40 @@ in { users.users.me.openssh.authorizedKeys.keys = kieran.sshKeys pkgs; + programs.ssh.startAgent = true; + home-manager.users.me = { - services.gpg-agent = rec { - enable = true; - enableSshSupport = true; - defaultCacheTtlSsh = 2 * 60 * 60; - maxCacheTtlSsh = 4 * defaultCacheTtlSsh; - sshKeys = [ - "568047C91DE03A23883E340F15A9C24D313E847C" - "BB3EE102DB8CD45540A78A6B18B511B67061F6B4" # kfm@manakish ed25519 - "3F8986755818B5762A096BE212777EAAC441DD9D" # fysiweb rsa - "0E4ABD229432486CC432639BB0986B2CDE365105" # agenix ed25519 - "A1E8D32CBFCDBD2DE798E2298D795CCFD785AE06" # kfm@kabsa ed25519 - ]; - }; + # https://discourse.nixos.org/t/gnome-keyring-and-ssh-agent-without-gnome/11663 + xsession.profileExtra = '' + eval $(${pkgs.gnome3.gnome-keyring}/bin/gnome-keyring-daemon --daemonize --components=ssh,secrets) + export SSH_AUTH_SOCK + ''; + # services.gpg-agent = rec { + # enable = false; + # enableSshSupport = true; + # defaultCacheTtlSsh = 2 * 60 * 60; + # maxCacheTtlSsh = 4 * defaultCacheTtlSsh; + # sshKeys = [ + # "568047C91DE03A23883E340F15A9C24D313E847C" + # "BB3EE102DB8CD45540A78A6B18B511B67061F6B4" # kfm@manakish ed25519 + # "3F8986755818B5762A096BE212777EAAC441DD9D" # fysiweb rsa + # "0E4ABD229432486CC432639BB0986B2CDE365105" # agenix ed25519 + # "A1E8D32CBFCDBD2DE798E2298D795CCFD785AE06" # kfm@kabsa ed25519 + # ]; + # }; }; - environment.extraInit = '' - if [[ -z "$SSH_AUTH_SOCK" ]]; then - export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)" - fi - ''; + # environment.extraInit = '' + # if [[ -z "$SSH_AUTH_SOCK" ]]; then + # export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)" + # fi + # ''; - environment.interactiveShellInit = '' - GPG_TTY="$(tty)" - export GPG_TTY - ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye > /dev/null - ''; + # environment.interactiveShellInit = '' + # GPG_TTY="$(tty)" + # export GPG_TTY + # ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye 
> /dev/null + # ''; home-manager.users.me.programs.ssh = { enable = true;
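Review bot: Two SSH agents are enabled at once: `programs.ssh.startAgent = true` starts the OpenSSH agent, while `--components=ssh,secrets` in `xsession.profileExtra` makes gnome-keyring export its own `SSH_AUTH_SOCK`, so which agent holds the keys depends on session start-up order. Keep one of them: either drop `programs.ssh.startAgent = true;` or reduce the keyring to `--components=secrets`. The removed gpg-agent block capped key caching at 2 hours (8 hours maximum) and nothing in the new code replaces that limit; if the OpenSSH agent is the one kept, `programs.ssh.agentTimeout = "2h";` restores it. The commented-out `services.gpg-agent`, `environment.extraInit` and `environment.interactiveShellInit` blocks could be deleted outright, since git history already preserves them. The enclosing attribute set opens before this hunk and `home-manager.users.me.programs.ssh` continues past its end.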