diff --git a/inventory/host_vars/self.yml b/inventory/host_vars/self.yml
index f9627e4..827f31f 100644
--- a/inventory/host_vars/self.yml
+++ b/inventory/host_vars/self.yml
@@ -5,3 +5,4 @@ full_name: "{{ first_name }} {{ last_name }}"
 email: pim@kunis.nl
 vscodium_extensions:
   - shd101wyy.markdown-preview-enhanced
+ssh_agent_socket: /tmp/ssh-agent.socket
diff --git a/playbooks/laptop.yml b/playbooks/laptop.yml
index 658851f..df8979c 100644
--- a/playbooks/laptop.yml
+++ b/playbooks/laptop.yml
@@ -9,6 +9,12 @@
       tags: [bash]
     - role: alacritty
       tags: [alacritty]
+    - role: syncthing
+      tags: [syncthing]
+      vars:
+        syncthing_profile: "laptop"
+    - role: keepassxc
+      tags: [keepassxc]
     - role: wireguard
       tags: [wireguard]
     - role: asdf
@@ -21,10 +27,6 @@
       tags: [virtualbox]
     - role: vscodium
       tags: [vscodium]
-    - role: syncthing
-      tags: [syncthing]
-      vars:
-        syncthing_profile: "laptop"
     - role: strawberry
       tags: [strawberry]
     - role: nicotine
diff --git a/playbooks/os3.yml b/playbooks/os3.yml
index 91f0a2a..7548860 100644
--- a/playbooks/os3.yml
+++ b/playbooks/os3.yml
@@ -9,13 +9,15 @@
       tags: [bash]
     - role: alacritty
       tags: [alacritty]
+    - role: syncthing
+      tags: [syncthing]
+      vars:
+        syncthing_profile: "os3"
+    - role: keepassxc
+      tags: [keepassxc]
     - role: neovim
       tags: [neovim]
     - role: signal
       tags: [signal]
     - role: vscodium
       tags: [vscodium]
-    - role: syncthing
-      tags: [syncthing]
-      vars:
-        syncthing_profile: "os3"
diff --git a/roles/bash/tasks/main.yml b/roles/bash/tasks/main.yml
index 10cc1fe..5cad899 100644
--- a/roles/bash/tasks/main.yml
+++ b/roles/bash/tasks/main.yml
@@ -6,8 +6,8 @@
       - bat
       - fzf
 - name: Install .bashrc
-  copy:
-    src: "{{ role_path }}/files/bashrc"
+  template:
+    src: "{{ role_path }}/templates/bashrc.j2"
     dest: ~/.bashrc
 - name: Install .fzf.bash
   copy:
diff --git a/roles/bash/files/bashrc b/roles/bash/templates/bashrc.j2
similarity index 98%
rename from roles/bash/files/bashrc
rename to roles/bash/templates/bashrc.j2
index 3b11a1e..91d73a2 100644
--- a/roles/bash/files/bashrc
+++ b/roles/bash/templates/bashrc.j2
@@ -103,3 +103,5 @@ alias vim='nvim'
 
 # pip scripts
 PATH=$PATH:~/.local/bin
+
+export SSH_AUTH_SOCK="{{ ssh_agent_socket }}"
diff --git a/roles/system/files/keepassxc.ini b/roles/keepassxc/files/keepassxc.ini
similarity index 100%
rename from roles/system/files/keepassxc.ini
rename to roles/keepassxc/files/keepassxc.ini
diff --git a/roles/keepassxc/tasks/main.yml b/roles/keepassxc/tasks/main.yml
new file mode 100644
index 0000000..f0dfa5b
--- /dev/null
+++ b/roles/keepassxc/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: Install Keepassxc
+  become: true
+  apt:
+    name: keepassxc
+- name: Create keepassxc config directory
+  file:
+    path: ~/.config/keepassxc
+    state: directory
+- name: Copy keepassxc.ini
+  copy:
+    src: "{{ role_path }}/files/keepassxc.ini"
+    dest: ~/.config/keepassxc/keepassxc.ini
+- name: Create cache directory
+  file:
+    path:  ~/.cache/keepassxc
+    state: directory
+    recurse: true
+- name: Set SSH_AUTH_SOCK override
+  ini_file:
+    path: ~/.cache/keepassxc/keepassxc.ini
+    section: SSHAgent
+    value: "{{ ssh_agent_socket }}"
diff --git a/roles/system/files/ssh_config b/roles/system/files/ssh_config
index 24ccf45..2e513ae 100644
--- a/roles/system/files/ssh_config
+++ b/roles/system/files/ssh_config
@@ -1,3 +1,5 @@
+AddKeysToAgent  yes
+
 Host brussels
         HostName brussels.studlab.os3.nl
         User pkunis
diff --git a/roles/system/tasks/main.yml b/roles/system/tasks/main.yml
index 16ba0d6..90babc7 100644
--- a/roles/system/tasks/main.yml
+++ b/roles/system/tasks/main.yml
@@ -19,14 +19,6 @@
   template:
     src: "{{ role_path }}/templates/.gitconfig.j2"
     dest: ~/.gitconfig
-- name: Create keepassxc config directory
-  file:
-    path: ~/.config/keepassxc
-    state: directory
-- name: Copy keepassxc.ini
-  copy:
-    src: "{{ role_path }}/files/keepassxc.ini"
-    dest: ~/.config/keepassxc/keepassxc.ini
 - name: Create repos directory
   file:
     path: ~/repos
@@ -57,3 +49,13 @@
     src: "{{ role_path }}/files/ssh_config"
     dest: ~/.ssh/config
     mode: 0600
+- name: Copy systemd ssh-agent service
+  template:
+    src: "{{ role_path }}/templates/ssh-agent.service.j2"
+    dest: /etc/systemd/user/ssh-agent.service
+- name: Enable ssh-agent service
+  systemd:
+    name: ssh-agent
+    enabled: true
+    scope: user
+    state: started
diff --git a/roles/system/templates/ssh-agent.service.j2 b/roles/system/templates/ssh-agent.service.j2
new file mode 100644
index 0000000..266e412
--- /dev/null
+++ b/roles/system/templates/ssh-agent.service.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=SSH key agent
+
+[Service]
+Type=simple
+Environment=SSH_AUTH_SOCK={{ ssh_agent_socket }}
+ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK
+
+[Install]
+WantedBy=default.target