diff --git a/roles/gnupg/defaults/main.yml b/roles/gnupg/defaults/main.yml
index 2ca58dc..c3e01c6 100644
--- a/roles/gnupg/defaults/main.yml
+++ b/roles/gnupg/defaults/main.yml
@@ -7,3 +7,4 @@ gpg_keygrips: []
 gpg_folder: "~/.gnupg"
+gpg_user: "{{ ansible_user }}"
diff --git a/roles/gnupg/tasks/main.yml b/roles/gnupg/tasks/main.yml
index 1fb1d1b..1b6e6eb 100644
--- a/roles/gnupg/tasks/main.yml
+++ b/roles/gnupg/tasks/main.yml
@@ -38,8 +38,26 @@
 dest: "{{ gpg_folder }}/gnupg_agent"
 mode: 0700
+- name: Ensure gnupg_agent skript is included in .bashrc so SSH uses gpg-agent
+ blockinfile:
+ path: "~/.bashrc"
+ insertafter: "\[\[ \$- != \*i\* \]\] && return"
+ line: |
+ # load script telling SSH to use the gpg agent
+ source "{{ gpg_folder }}"/gnupg_agent
+ state: present
+- name: Download own pubkey
+ get_url:
+ url: "https://git.finallycoffee.eu/{{ gpg_user }}/about/raw/branch/master/pubkey.asc"
+ dest: "~/{{ gpg_user }}.pub"
-
-
+- name: Import own pubkey and set owner-trust
+ command:
+ cmd: |
+ gpg2 --no-tty --command-fd 0 --import ~/{{ gpg_user }}.pub << EOF
+ trust
+ 5
+ quit
+ EOF
diff --git a/roles/gnupg/templates/gpg.conf.j2 b/roles/gnupg/templates/gpg.conf.j2
index 6f62bf6..79a8906 100644
--- a/roles/gnupg/templates/gpg.conf.j2
+++ b/roles/gnupg/templates/gpg.conf.j2
@@ -8,5 +8,4 @@ allow-freeform-uid
 with-fingerprint
 keyid-format 0xlong
 keyserver hkps://hkps.pool.sks-keyservers.net
-#keyserver-options ca-cert-file=/home/electron/.gnupg/sks-keyservers_ca.pem
 keyserver-options no-honor-keyserver-url
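Review bot: `gpg_user: "{{ ansible_user }}"` is undefined on hosts where no login user is set in inventory, configuration or on the command line — `ansible_user` is a connection variable, not a gathered fact — so every later task that references `gpg_user` fails with an undefined-variable error; fall back to the fact instead: `gpg_user: "{{ ansible_user | default(ansible_user_id) }}"`. The same value is later used as the account name in a download URL and as a local file name, which conflates the SSH login with the forge identity; a one-line comment above the default saying which identity it is meant to be (and that it must match the forge account) would make that explicit. Since `ansible_user_id` is only available after fact gathering, the comment should also say the role expects `gather_facts` to be on.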
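Review bot: The "Import own pubkey and set owner-trust" task grants ultimate owner-trust to whatever key the forge serves at that URL, with no fingerprint check, so a swapped key on the server (or a different account behind `gpg_user`) becomes fully trusted on every host this role runs on; pin the expected fingerprint in a role variable and apply trust only to that fingerprint, as in the rewrite below. The task also cannot work as written: the `command` module does not go through a shell, so `<< EOF` and `EOF` are handed to gpg2 as literal arguments, and `trust`/`5`/`quit` are `--edit-key` commands that `--import` never reads — feed input through the module's `stdin` parameter instead. The .bashrc task has two further defects: `line:` is a lineinfile parameter that blockinfile rejects (it takes `block:`), and `"\[\[ \$- != \*i\* \]\] && return"` uses `\[`, `\$` and `\*`, which are not valid escapes in a YAML double-quoted scalar, so the file fails to parse; single-quote it: `insertafter: '\[\[ \$- != \*i\* \]\] && return'`. Note that `command` tasks always report changed, so this part of the role is not idempotent; `get_url` could additionally carry a `checksum:` for the expected file if the key is not expected to change.
```yaml
# … unchanged: .bashrc blockinfile task, get_url download …
- name: Import own pubkey
  command:
    cmd: gpg2 --batch --no-tty --import ~/{{ gpg_user }}.pub

- name: Set owner-trust only on the pinned fingerprint
  command:
    cmd: gpg2 --batch --no-tty --import-ownertrust
    # gpg_pubkey_fingerprint: proposed new role default holding the expected key fingerprint; 6 = ultimate
    stdin: "{{ gpg_pubkey_fingerprint }}:6:\n"
```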