diff --git a/profiles/basic/default.nix b/profiles/basic/default.nix
index 6e40540..9a83e57 100644
--- a/profiles/basic/default.nix
+++ b/profiles/basic/default.nix
@@ -64,6 +64,7 @@
     wget
     git
     tree
+    file
     ripgrep
   ];
 
diff --git a/profiles/basic/git.nix b/profiles/basic/git.nix
index 8edecc3..9fec64c 100644
--- a/profiles/basic/git.nix
+++ b/profiles/basic/git.nix
@@ -6,8 +6,6 @@
 }:
 {
 
-  home-manager.users.mysaa.programs.gpg.homedir = "/run/secrets/gpg/";
-
   home-manager.users.mysaa.programs.git = {
     enable = true;
     userEmail = "mysaa@hadoly.fr";
diff --git a/profiles/basic/secrets.nix b/profiles/basic/secrets.nix
index b5b8c20..17da50d 100644
--- a/profiles/basic/secrets.nix
+++ b/profiles/basic/secrets.nix
@@ -4,11 +4,26 @@
   pkgs,
   ...
 }:
-{
+let
+  gpg-wrapper = pkgs.writeShellScriptBin "gpg" ''
+    until ${pkgs.coreutils}/bin/timeout 1 [ -d /run/secrets/gpg/ ]
+    do
+      echo "Waiting for '/run/secrets/' to be mounted" >&2
+      sleep 1
+    done
+    if [ -z "$GNUPGHOME" ]
+    then export GNUPGHOME="/run/secrets/gpg/"
+    fi
+    ${pkgs.gnupg}/bin/gpg "$@"
+  '';
+in {
+
+  home-manager.users.mysaa.home.packages = [
+    gpg-wrapper
+  ];
+
+  home-manager.users.mysaa.programs.git.signing.signer = "${gpg-wrapper}/bin/gpg";
 
-  home-manager.users.mysaa.home.sessionVariables = {
-    GNUPGHOME = "/run/secrets/gpg/";
-  };
   fileSystems."/run/secrets" = {
     device = "/dev/disk/by-uuid/545bfd15-0973-4395-9d05-6c4c78a9e45c";
     fsType = "ext4";