diff --git a/programs/gpg.nix b/programs/gpg.nix
new file mode 100644
index 0000000..189bd9c
--- /dev/null
+++ b/programs/gpg.nix
@@ -0,0 +1,22 @@
+{ config, ... }:
+{
+  programs.gpg = {
+    enable = true;
+    homedir = "${config.xdg.configHome}/gnupg";
+    # TODO: declare public keys and trust declaratively
+    # mutableKeys = false;
+    # mutableTrust = false;
+    # publicKeys = [];
+    # settings = {
+
+    # };
+  };
+
+  services.gpg-agent = {
+    enable = true;
+    pinentryFlavor = "curses";
+    enableSshSupport = true;
+    enableScDaemon = true;
+    grabKeyboardAndMouse = false;
+  };
+}