diff --git a/.dotbot.conf.yaml b/.dotbot.conf.yaml
index 252dea2..8e97455 100644
--- a/.dotbot.conf.yaml
+++ b/.dotbot.conf.yaml
@@ -8,7 +8,6 @@
 - ~/.config/gh
 - ~/.config/gh-dash
 - ~/.config/tmux
- - ~/.gnupg
 - link:
 ~/.config/base16-shell: .base16-shell
@@ -29,8 +28,6 @@
 ~/.gitconfig: git/gitconfig
 ~/.gitignore: git/gitignore
 ~/.gitmux.conf: tmux/gitmux.conf
- ~/.gnupg/gpg-agent.conf: gpg/gpg-agent.conf
- ~/.gnupg/gpg.conf: gpg/gpg.conf
 ~/.tmux-cht-command: tmux/tmux-cht-command
 ~/.tmux-cht-languages: tmux/tmux-cht-languages
 ~/.tmux.conf: tmux/tmux.conf
diff --git a/Brewfile b/Brewfile
index 237684e..d7d182c 100644
--- a/Brewfile
+++ b/Brewfile
@@ -187,10 +187,6 @@ brew "glm"
 brew "glow"
 # GNU implementation of the famous stream editor
 brew "gnu-sed"
-# Common error values for all GnuPG components
-brew "libgpg-error"
-# GNU Pretty Good Privacy (PGP) package
-brew "gnupg"
 # Manage compile and link flags for libraries
 brew "pkg-config"
 # Generate introspection data for GObject libraries
@@ -199,6 +195,8 @@ brew "gobject-introspection"
 brew "sdl2_image"
 # Version Control Visualization Tool
 brew "gource"
+# Common error values for all GnuPG components
+brew "libgpg-error"
 # Graph visualization software from AT&T and Bell Labs
 brew "graphviz"
 # Command-line tool for generating regular expressions
diff --git a/gpg/gpg-agent.conf b/gpg/gpg-agent.conf
deleted file mode 100644
index 55299be..0000000
--- a/gpg/gpg-agent.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-pinentry-program /opt/homebrew/bin/pinentry-mac
-default-cache-ttl 600
-max-cache-ttl 7200
diff --git a/gpg/gpg.conf b/gpg/gpg.conf
deleted file mode 100644
index eb22af8..0000000
--- a/gpg/gpg.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-auto-key-retrieve
-no-emit-version
-use-agent
-default-key F0CF1CF481C2E3AA0F806A378BD4525D7A7253E8
diff --git a/nix/darwin/default.nix b/nix/darwin/default.nix
index 4d1a59c..3a42a2a 100644
--- a/nix/darwin/default.nix
+++ b/nix/darwin/default.nix
@@ -11,6 +11,13 @@
 nix.settings.experimental-features = "nix-command flakes";
 nixpkgs.config.allowUnfree = true;
+ # GnuPG
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ environment.systemPackages = [ pkgs.pinentry_mac ];
+ # Create /etc/zshrc that loads the nix-darwin environment.
 programs.zsh.enable = true; # default shell on catalina
 # programs.fish.enable = true;
diff --git a/nix/home/default.nix b/nix/home/default.nix
index 7eff290..303b3ba 100644
--- a/nix/home/default.nix
+++ b/nix/home/default.nix
@@ -11,6 +11,7 @@ in
 ./asdf
 ./bat
 ./ctags
+ ./gnupg
 ./hammerspoon
 ./karabiner
 ./lazydocker
diff --git a/nix/home/gnupg/default.nix b/nix/home/gnupg/default.nix
new file mode 100644
index 0000000..249be33
--- /dev/null
+++ b/nix/home/gnupg/default.nix
@@ -0,0 +1,31 @@
+# TODO: Move public/private keys into nix
+{ pkgs, ... }:
+
+{
+ programs.gpg = {
+ enable = true;
+ settings = {
+ auto-key-retrieve = true;
+ no-emit-version = true;
+ use-agent = true;
+ default-key = "F0CF1CF481C2E3AA0F806A378BD4525D7A7253E8";
+ };
+
+ # GPG agent configuration
+ # These settings go into gpg-agent.conf
+ # NOTE: pinentry-program is set differently for macOS (see below)
+ scdaemonSettings = { };
+ };
+
+ # For macOS, we need to set the pinentry-program separately
+ home.file.".gnupg/gpg-agent.conf".text = ''
+ pinentry-program ${pkgs.pinentry_mac}/Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac
+ default-cache-ttl 600
+ max-cache-ttl 7200
+ '';
+
+ home.packages = with pkgs; [
+ gnupg
+ pinentry_mac
+ ];
+}
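Review bot: `enableSSHSupport = true` in the nix/darwin/default.nix hunk makes gpg-agent serve SSH keys too, but their cache lifetime is governed by `default-cache-ttl-ssh` and `max-cache-ttl-ssh`, which nothing in this commit sets. The `default-cache-ttl 600` / `max-cache-ttl 7200` written to `.gnupg/gpg-agent.conf` in nix/home/gnupg/default.nix cover GnuPG keys only, so SSH passphrases fall back to the agent's built-in default (1800 seconds per the GnuPG manual). If the ten-minute window is meant to apply to SSH as well, add `default-cache-ttl-ssh 600` and `max-cache-ttl-ssh 7200` to that file's text. The attribute set this block sits in begins and ends outside the hunk.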
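Review bot: `auto-key-retrieve = true` under `programs.gpg.settings` in nix/home/gnupg/default.nix makes gpg fetch unknown signing keys from a keyserver or WKD while verifying a signature. The GnuPG manual describes this as web-bug-like, because the lookup endpoint's operator learns when and from which address the signature was checked. The option is carried over from the deleted gpg/gpg.conf, so this migration is a natural point to drop the line and import keys explicitly, or to keep it with a comment such as `# accepted: key lookups disclose verification time/IP to the keyserver`. Separately, the comment block above `scdaemonSettings = { };` says the settings go into gpg-agent.conf, but that attribute is for scdaemon; the comment belongs on the `home.file.".gnupg/gpg-agent.conf"` block instead. `use-agent = true` is a no-op on GnuPG 2.x and can be removed.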