Keychain helps you securely manage your SSH and GPG private keys. As a frontend to ssh-agent and gpg-agent, it maintains a single, long-running agent per user and host so you only have to enter your passphrases once per reboot. By writing the agent's environment to per-host files, Keychain makes it effortless for new shells and background cron jobs to securely access your cached keys.
The 3.x release is a complete, ground-up rewrite that transitions Keychain from a POSIX Bourne shell script into a fully modern, highly-capable Python 3 CLI tool. Shipped as a self-contained zipapp (.pyz), it preserves Keychain's defining deployment model: it remains a single executable file that you simply drop into your PATH, requiring no package managers, pip, or virtual environments.
Keychain 3.x delivers a clean action-driven syntax, comprehensive embedded documentation, an --explain mode for analyzing invocations, and an agent state inspector. Under the hood, the codebase is now fully hardened and supported by an extensive suite of over 100 unit tests. Despite these massive enhancements, it remains flawlessly drop-in compatible with every legacy 2.x command-line flag. As part of this major evolution, Keychain has also formally transitioned from the GPLv2 to the GPLv3 license.