diff --git a/.bashrc b/.bashrc
index 6f51c51..97660ab 100644
--- a/.bashrc
+++ b/.bashrc
@@ -16,6 +16,11 @@ if [ -f /etc/os-release ]; then
 fi
 fi
+# For microsoft-standard-WSL2 in uname -a
+if [[ "$(uname -a)" == *"microsoft-standard-WSL2"* ]]; then
+ source $HOME/.agent-bridge.sh
+fi
+
 # Docker Compose Alias (Mostly for old shell scripts)
 alias docker-compose='docker compose'
diff --git a/README.md b/README.md
index 473cff2..aa0fd02 100755
--- a/README.md
+++ b/README.md
@@ -103,3 +103,34 @@ To add a new system you should follow these steps:
 1. Add the relevant files shown in the section above.
 2. Ensure you've either updated or added the `$HOME/.hostname` file with the hostname of the system.
 3. Run `dotf update` to ensure the symlinks are properly updated/created.
+---
+
+## Using 1Password SSH Agent with WSL2 (Windows 11)
+
+This setup allows you to use your 1Password-managed SSH keys inside WSL2. The WSL-side steps are automated by Ansible. The following Windows-side steps must be performed manually:
+
+### Windows-side Setup
+
+1. **Enable 1Password SSH Agent**
+ - Open the 1Password app on Windows.
+ - Go to **Settings → Developer** and enable **"Use the SSH agent"**.
+
+2. **Install npiperelay using winget**
+ - Open PowerShell and run the following command:
+ ```sh
+ winget install albertony.npiperelay
+ ```
+ - This will install the latest maintained fork of npiperelay and add it to your PATH automatically.
+3. **Restart Windows Terminal**
+ - After completing the above steps, restart your Windows Terminal to ensure all changes take effect.
+
+4. **Test the SSH Agent in WSL2**
+ - Open your WSL2 terminal and run:
+ ```sh
+ ssh-add -l
+ ```
+ - If your 1Password keys are listed, the setup is complete.
+
+#### References
+- [Using 1Password's SSH Agent with WSL2](https://dev.to/d4vsanchez/use-1password-ssh-agent-in-wsl-2j6m)
+- [How to change the PATH environment variable in Windows](https://www.wikihow.com/Change-the-PATH-Environment-Variable-on-Windows)
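Review bot: `source $HOME/.agent-bridge.sh` in the added .bashrc block is unquoted and has no existence check, so on a WSL2 host where the Ansible task that generates that file has not run yet every interactive shell will print a sourcing error on startup. Guard and quote it: `[[ -r "$HOME/.agent-bridge.sh" ]] && source "$HOME/.agent-bridge.sh"`. Because the file is sourced rather than executed, anything it sets (it exports `SSH_AUTH_SOCK` and assigns a helper variable) persists in the login shell, which is worth a one-line comment above the `if`.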
diff --git a/config/ansible/tasks/global/global.yml b/config/ansible/tasks/global/global.yml
index 565fdf7..a54b843 100644
--- a/config/ansible/tasks/global/global.yml
+++ b/config/ansible/tasks/global/global.yml
@@ -49,6 +49,10 @@
 state: present
 become: true
+- name: Include WSL2 tasks
+ ansible.builtin.import_tasks: tasks/global/wsl.yml
+ when: "'microsoft-standard-WSL2' in ansible_kernel"
+
 - name: Include Utils tasks
 ansible.builtin.import_tasks: tasks/global/utils.yml
 become: true
diff --git a/config/ansible/tasks/global/symlinks.yml b/config/ansible/tasks/global/symlinks.yml
index 0caf7dd..e95c9ab 100644
--- a/config/ansible/tasks/global/symlinks.yml
+++ b/config/ansible/tasks/global/symlinks.yml
@@ -34,4 +34,4 @@
 mennos-vm: "$DOTFILES_PATH/config/git/gitconfig.mennos-server"
 dotfiles-test: "$DOTFILES_PATH/config/git/gitconfig.mennos-server"
 tags:
- - symlinks
\ No newline at end of file
+ - symlinks
diff --git a/config/ansible/tasks/global/wsl.yml b/config/ansible/tasks/global/wsl.yml
new file mode 100644
index 0000000..67aad05
--- /dev/null
+++ b/config/ansible/tasks/global/wsl.yml
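Review bot: The new `Include WSL2 tasks` entry is the only import in this hunk without `become: true`, and nothing records that this is deliberate; since the tasks in wsl.yml write into `ansible_env.HOME` and the package task escalates on its own, a comment such as `# no become here: wsl.yml writes into the login user's HOME and escalates per task` would stop a later reader from "fixing" it. Note also that with the static `import_tasks` the `when:` is copied onto each imported task and re-evaluated there rather than once for the include, which is fine for a kernel-string check but worth knowing if wsl.yml later grows expensive conditions.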
@@ -0,0 +1,47 @@
+---
+- name: WSL2 1Password SSH Agent Bridge
+ block:
+ - name: Ensure required packages are installed for 1Password sock bridge
+ ansible.builtin.package:
+ name:
+ # 1Password (WSL2 required package for sock bridge)
+ - socat
+ state: present
+ become: true
+
+ - name: Ensure .1password directory exists in home
+ ansible.builtin.file:
+ path: "{{ ansible_env.HOME }}/.1password"
+ state: directory
+ mode: '0700'
+
+ - name: Create .agent-bridge.sh in home directory
+ ansible.builtin.copy:
+ dest: "{{ ansible_env.HOME }}/.agent-bridge.sh"
+ mode: '0755'
+ content: |
+ # Code extracted from https://stuartleeks.com/posts/wsl-ssh-key-forward-to-windows/
+
+ # (IMPORTANT) Create the folder on your root for the `agent.sock` (How mentioned by @rfay and @Lochnair in the comments)
+ mkdir -p ~/.1password
+
+ # Configure ssh forwarding
+ export SSH_AUTH_SOCK=$HOME/.1password/agent.sock
+ # need `ps -ww` to get non-truncated command for matching
+ # use square brackets to generate a regex match for the process we want but that doesn't match the grep command running it!
+ ALREADY_RUNNING=$(ps -auxww | grep -q "[n]piperelay.exe -ei -s //./pipe/openssh-ssh-agent"; echo $?)
+ if [[ $ALREADY_RUNNING != "0" ]]; then
+ if [[ -S $SSH_AUTH_SOCK ]]; then
+ # not expecting the socket to exist as the forwarding command isn't running (http://www.tldp.org/LDP/abs/html/fto.html)
+ echo "removing previous socket..."
+ rm $SSH_AUTH_SOCK
+ fi
+ echo "Starting SSH-Agent relay..."
+ # setsid to force new session to keep running
+ # set socat to listen on $SSH_AUTH_SOCK and forward to npiperelay which then forwards to openssh-ssh-agent on windows
+ (setsid socat UNIX-LISTEN:$SSH_AUTH_SOCK,fork EXEC:"npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork &) >/dev/null 2>&1
+ fi
+
+ tags:
+ - wsl
+ - wsl2
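Review bot: The relay script in `content:` starts socat without checking that `npiperelay.exe` is resolvable, so on a host where the Windows-side install from the README was skipped it still removes any stale socket, starts a listener whose EXEC target presumably fails on every connection, and leaves `SSH_AUTH_SOCK` exported and pointing at a socket nothing answers; add `command -v npiperelay.exe >/dev/null 2>&1 || return 0` before the `ALREADY_RUNNING` line (the file is sourced from .bashrc, so `return`, not `exit`). `$SSH_AUTH_SOCK` is also unquoted where it matters: use `rm -- "$SSH_AUTH_SOCK"` and `UNIX-LISTEN:"$SSH_AUTH_SOCK",fork` in the socat address. Anyone who can connect to that socket can use the 1Password-held keys, so its protection is the `mode: '0700'` on the directory task; the script's own `mkdir -p ~/.1password` recreates the directory under the shell's umask if it is ever missing, which deserves a comment noting that the Ansible task, not the script, is what sets the mode.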