diff --git a/ansible/roles/profile_desktop_gnome/tasks/main.yml b/ansible/roles/profile_desktop_gnome/tasks/main.yml
index 1460f86..2475673 100644
--- a/ansible/roles/profile_desktop_gnome/tasks/main.yml
+++ b/ansible/roles/profile_desktop_gnome/tasks/main.yml
@@ -17,6 +17,15 @@
     owner: root
     group: root
 
+- name: Deploy gpg-agent.conf for GNOME (pinentry-gnome3, no ssh-support)
+  tags: [dotfiles, dotfiles:desktop, gnome]
+  ansible.builtin.copy:
+    src: "{{ playbook_dir }}/../dotfiles/desktop/.gnupg/gpg-agent.arch.conf"
+    dest: "{{ user_home }}/.gnupg/gpg-agent.conf"
+    owner: "{{ username }}"
+    group: "{{ user_group }}"
+    mode: "0600"
+
 - name: Enable gnome-keyring PAM auth hook for GDM
   tags: [gnome]
   ansible.builtin.lineinfile:
diff --git a/dotfiles/desktop/.gnupg/gpg-agent.arch.conf b/dotfiles/desktop/.gnupg/gpg-agent.arch.conf
new file mode 100644
index 0000000..15ab186
--- /dev/null
+++ b/dotfiles/desktop/.gnupg/gpg-agent.arch.conf
@@ -0,0 +1,3 @@
+pinentry-program /usr/bin/pinentry-gnome3
+default-cache-ttl 600
+max-cache-ttl 7200