diff --git a/.config/ssh-agent/pam_exec-ssh b/.config/ssh-agent/pam_exec-ssh
new file mode 100755
index 0000000..1eb7590
--- /dev/null
+++ b/.config/ssh-agent/pam_exec-ssh
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+agent_add_key () {
+ expect << EOF
+ log_user 0
+
+ spawn ssh-add $1
+ expect "Enter passphrase for $1" {
+ send "$2\r"
+ expect {
+ "Identity added: $1" {
+ send "$2\r"
+ exit 0
+ }
+ "Bad passphrase, try again" {
+ exit 1
+ }
+ }
+ }
+EOF
+}
+
+read -r PAM_PASS
+PAM_PASS=$(echo "$PAM_PASS" | sed 's/\$/\\\$/')
+
+SSH_AUTH_SOCK=/run/user/$(id -u "$PAM_USER")/ssh-agent.socket
+export SSH_AUTH_SOCK
+
+if [ -d /home/"$PAM_USER"/.ssh/unlock.d/ ]; then
+ find /home/"$PAM_USER"/.ssh/unlock.d/ -maxdepth 1 ! -wholename "/home/$PAM_USER/.ssh/unlock.d/" ! -name "config" ! -name "known_hosts" ! -name "*.pub" | while read -r key; do
+ agent_add_key "$key" "$PAM_PASS" &
+ done
+fi
+
+exit 0
diff --git a/install b/install
index 39d9f79..d93b6f6 100755
--- a/install
+++ b/install
@@ -1,10 +1,10 @@ #!/bin/sh -e +repo_dir=$(readlink -f $(dirname "$0")) + link() { [ -L "~/.config" ] || return 0 - repo_dir=$(readlink -f $(dirname "$0")) - for file in ".profile" ".zprofile" ".config"; do ln -sf "$repo_dir/$file" "~/$file" done
@@ -59,6 +59,19 @@ install() { [ -d "/usr/share/themes/Nova" ] || sudo git clone \ https://git.vimium.com/jordan/gtk-nova-theme.git \ /usr/share/themes/Nova + + [ -x "/usr/bin/pam_exec-ssh" ] || { + sudo install -m755 \ + "$repo_dir/.config/ssh-agent/pam_exec-ssh" \ + /usr/bin/pam_exec-ssh + mkdir ~/.ssh/unlock.d + ln -s ~/.ssh/id_ed25519 ~/.ssh/unlock.d/id_ed25519 + } } -install && link +configure() { + systemctl --user enable ssh-agent + systemctl --user enable sway +} + +install && link && configure
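Review bot: In `agent_add_key` of the new `pam_exec-ssh`, the login password and the key path are pasted into the expect program as source text (unquoted `<< EOF`, then `send "$2\r"` and `spawn ssh-add $1`), so a `[`, `"` or `\` in either value is evaluated by Tcl instead of being sent literally. The `sed` escape only covers the first `$` and none of the other metacharacters. A pam_exec helper likely runs with the privileges of the login service (the PAM stanza is not on this page), which makes this a code-injection path rather than a cosmetic bug. Quoting the delimiter and passing both values through the environment keeps them as data; `send --` also copes with a password that starts with `-`. The `sed` line and the second `send` after "Identity added" can then be dropped.

```sh
agent_add_key () {
    # Both values reach expect through the environment; the quoted delimiter
    # stops the shell from pasting them into the Tcl source.
    KEY_PATH=$1 KEY_PASS=$2 expect << 'EOF'
    log_user 0

    spawn ssh-add $env(KEY_PATH)
    expect "Enter passphrase for $env(KEY_PATH)" {
        send -- "$env(KEY_PASS)\r"
        expect {
            "Identity added: $env(KEY_PATH)" { exit 0 }
            "Bad passphrase, try again" { exit 1 }
        }
    }
EOF
}

read -r PAM_PASS
# ... unchanged: SSH_AUTH_SOCK setup and the find loop over unlock.d ...
```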
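Review bot: The inner substitution in the new top-level `repo_dir=$(readlink -f $(dirname "$0"))` (first `install` hunk) is unquoted, so a checkout path containing whitespace is split into several arguments and `repo_dir` no longer names the repository. That value now also feeds the `sudo install` source path added in the next hunk, so it decides which file ends up executable in /usr/bin. Suggested: `repo_dir=$(readlink -f -- "$(dirname -- "$0")")`. Separately, the quoted `"~/.config"` and `"~/$file"` in the context lines are not tilde-expanded, so `link` appears to return before linking anything; `"$HOME/.config"` and `"$HOME/$file"` would behave as intended. `link()` continues past the end of this hunk.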
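Review bot: The `[ -x "/usr/bin/pam_exec-ssh" ] ||` guard in the second `install` hunk means a later fix to the helper in the repo never replaces the copy already in /usr/bin. It also gates the unrelated `mkdir` and `ln -s` steps, which fail if `~/.ssh` is missing or `unlock.d` already exists. Because the helper handles the login password, I would run `sudo install` unconditionally and make the other two idempotent: `mkdir -p -m 700 ~/.ssh ~/.ssh/unlock.d` and `ln -sf ~/.ssh/id_ed25519 ~/.ssh/unlock.d/id_ed25519`. Nothing in this diff adds the PAM stanza that calls the helper, so a short comment naming where that configuration lives would help whoever audits the login path. `install()` starts before this hunk.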