diff --git a/.bashrc b/.bashrc
index f45fe50..bd084bb 100755
--- a/.bashrc
+++ b/.bashrc
@@ -458,10 +458,37 @@ comment () {
 # shellcheck disable=SC1091
 test -r /home/terraform/.terraform_pipelinerc && source /home/terraform/.terraform_pipelinerc
 
-# echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
-# ls -l ~/.ssh/ssh_auth_sock
-# ssh-add -l
+#
+# ssh-agent
+# 
+# from https://wiki.archlinux.org/title/SSH_keys#ssh-agent
+# _ssh_agent handle existing ssh-agent / use $XDG_RUNTIME_DIR/ssh-agent.env to store current ssh-agent
+function _ssh_agent() {
+	local timeout=1h
+	if ! pgrep -u "$USER" ssh-agent > /dev/null; then
+		ssh-agent -t "$timeout" > "$XDG_RUNTIME_DIR/ssh-agent.env"
+		echo "  ssh-agent not found; launch it"
+	fi
 
+	if [ ! -f "$XDG_RUNTIME_DIR/ssh-agent.env" ]; then
+		pkill -x ssh-agent
+		ssh-agent -t "$timeout" > "$XDG_RUNTIME_DIR/ssh-agent.env"
+		echo "  ssh-agent found but not $XDG_RUNTIME_DIR/ssh-agent.env; kill and re-launch"
+	fi
+
+	if [ ! -f "$SSH_AUTH_SOCK" ]; then
+		source "$XDG_RUNTIME_DIR/ssh-agent.env" >/dev/null
+		echo "  ssh-agent loaded"
+	fi
+}
+_ssh_agent
+
+#
+# gpg
+#
+export GPG_TTY=$(tty)
+
+ 
 # x11 forwarding FIXME 
 # echo "DISPLAY=$DISPLAY"
 # xauth list