{ config, lib, pkgs, ... }:

with lib;

let cfg = config.features.cli.secrets;

in {

  options.features.cli.secrets.enable = mkEnableOption "enable secrets";

  config = mkIf cfg.enable {

    programs.password-store = {
      enable = true;
      package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
    };
    programs.gpg = { enable = true; };
    services.gpg-agent = {
      enable = true;
      defaultCacheTtl = 1800;
      enableSshSupport = true;
    };
    home.packages = with pkgs; [
      pinentry
    ];
  };
}