diff --git a/modules/ssh/init.zsh b/modules/ssh/init.zsh
index 08edce5772..6c828919ba 100644
--- a/modules/ssh/init.zsh
+++ b/modules/ssh/init.zsh
@@ -19,6 +19,9 @@ _ssh_agent_env="${_ssh_agent_env:-${TMPDIR:-/tmp}/ssh-agent.env.$UID}"
 # Set the path to the persistent authentication socket.
 _ssh_agent_sock="${TMPDIR:-/tmp}/ssh-agent.sock.$UID"
 
+# default options
+_ssh_add_options=""
+
 # Start ssh-agent if not started.
 if [[ ! -S "$SSH_AUTH_SOCK" ]]; then
   # Export environment variables.
@@ -36,6 +39,11 @@ if [[ -S "$SSH_AUTH_SOCK" && "$SSH_AUTH_SOCK" != "$_ssh_agent_sock" ]]; then
   export SSH_AUTH_SOCK="$_ssh_agent_sock"
 fi
 
+# store passphrases in your keychain. only macOS
+if [[ "$(uname 2> /dev/null)" == "Darwin" ]]; then
+  _ssh_add_options="-K"
+fi
+
 # Load identities.
 if ssh-add -l 2>&1 | grep -q 'The agent has no identities'; then
   zstyle -a ':prezto:module:ssh:load' identities '_ssh_identities'
@@ -50,9 +58,9 @@ if ssh-add -l 2>&1 | grep -q 'The agent has no identities'; then
   # program specified by SSH_ASKPASS and open an X11 window to read the
   # passphrase.
   if [[ -n "$DISPLAY" && -x "$SSH_ASKPASS" ]]; then
-    ssh-add ${_ssh_identities:+$_ssh_dir/${^_ssh_identities[@]}} < /dev/null 2> /dev/null
+    ssh-add $_ssh_add_options ${_ssh_identities:+$_ssh_dir/${^_ssh_identities[@]}} < /dev/null 2> /dev/null
   else
-    ssh-add ${_ssh_identities:+$_ssh_dir/${^_ssh_identities[@]}} 2> /dev/null
+    ssh-add $_ssh_add_options ${_ssh_identities:+$_ssh_dir/${^_ssh_identities[@]}} 2> /dev/null
   fi
 fi