diff --git a/shells/base.nix b/shells/base.nix
index a928c85..88123d5 100644
--- a/shells/base.nix
+++ b/shells/base.nix
@@ -1,9 +1,42 @@
 { pkgs, ... }:
 {
   packages = with pkgs; [
+    nix-direnv
     gnupg
     git
+    bitwarden-cli
   ];
 
-  env.GPG_TTY = "\$(tty)";
+  scripts.download_gpg_key.exec = # bash
+  ''
+    if ! bw login --check; then
+      echo "Please run `bw login`"
+      exit 1
+    fi
+
+    bw sync && \
+    bw get attachment private.key --itemid 335ce92f-974a-44d4-bc1c-b226005203f3 --output private.key && \
+    echo "Please run `set_gpg_tty && import_gpg_key`"
+  '';
+
+  scripts.set_gpg_tty.exec = # bash
+  ''
+    export GPG_TTY="$(tty)"
+  '';
+
+  scripts.import_gpg_key.exec = # bash
+  ''
+    exec gpg --import private.key
+  '';
+
+  scripts.gpg_no_pinentry.exec = # bash
+  ''
+    pkill gpg-agent
+    gpg-agent --pinentry-program=/usr/bin/pinentry-curses --daemon
+  '';
+
+  scripts.git_allow_push.exec = # bash
+  ''
+    git config http.version HTTP/1.1
+  '';
 }