diff --git a/dot_local/share/private_gnupg/sshcontrol.tmpl b/dot_local/share/private_gnupg/sshcontrol.tmpl
new file mode 100644
index 0000000..b53968d
--- /dev/null
+++ b/dot_local/share/private_gnupg/sshcontrol.tmpl
@@ -0,0 +1,11 @@
+# List of allowed ssh keys.  Only keys present in this file are used
+# in the SSH protocol.  The ssh-add tool may add new entries to this
+# file to enable them; you may also add them manually.  Comment
+# lines, like this one, as well as empty lines are ignored.  Lines do
+# have a certain length limit but this is not serious limitation as
+# the format of the entries is fixed and checked by gpg-agent. A
+# non-comment line starts with optional white spaces, followed by the
+# keygrip of the key given as 40 hex digits, optionally followed by a
+# caching TTL in seconds, and another optional field for arbitrary
+# flags.   Prepend the keygrip with an '!' mark to disable it.
+{{ output "sh" "-c" "gpg -K --with-keygrip | grep -A1 \"\\[A\\]\" | tail -n1 | sed \"s,.*Keygrip = ,,\"" }}