1 files changed, 18 insertions, 3 deletions

diff --git a/modules/auth-config.el b/modules/auth-config.el
index 6b8a8ddb..8376a2c0 100644
--- a/modules/auth-config.el
+++ b/modules/auth-config.el
@@ -24,9 +24,11 @@
   :ensure nil                           ;; built in
   :demand t                             ;; load this package immediately
   :config
-  (setenv "GPG_AGENT_INFO" nil)         ;; disassociate with external gpg agent
-  (setq auth-sources `(,authinfo-file)) ;; use authinfo.gpg (see user-constants.el)
-  (setq auth-source-debug t))           ;; echo debug info to Messages
+  ;; USE gpg-agent for passphrase caching (400-day cache from gpg-agent.conf)
+  ;; (setenv "GPG_AGENT_INFO" nil)      ;; DISABLED: was preventing gpg-agent cache
+  (setq auth-sources `(,authinfo-file))  ;; use authinfo.gpg (see user-constants.el)
+  (setq auth-source-debug t)             ;; echo debug info to Messages
+  (setq auth-source-cache-expiry 86400)) ;; cache decrypted credentials for 24 hours
 
 ;; ----------------------------- Easy PG Assistant -----------------------------
 ;; Key management, cryptographic operations on regions and files, dired
@@ -40,5 +42,18 @@
   ;; (setq epa-pinentry-mode 'loopback)  ;; emacs request passwords in minibuffer
   (setq epg-gpg-program "gpg2"))  ;; force use gpg2 (not gpg v.1)
 
+;; ---------------------------------- Plstore ----------------------------------
+;; Encrypted storage used by oauth2-auto for Google Calendar tokens.
+;; CRITICAL: Enable passphrase caching to prevent password prompts every 10 min.
+
+(use-package plstore
+  :ensure nil ;; built-in
+  :demand t
+  :config
+  ;; Cache passphrase indefinitely (relies on gpg-agent for actual caching)
+  (setq plstore-cache-passphrase-for-symmetric-encryption t)
+  ;; Allow gpg-agent to cache the passphrase (400 days per gpg-agent.conf)
+  (setq plstore-encrypt-to nil)) ;; Use symmetric encryption, not key-based
+
 (provide 'auth-config)
 ;;; auth-config.el ends here.