I use Gentoo keychain heavily, to cache ssh private keys. If you use it on a few workstations, and make it a point of clearing keys or stopping keychain, you will find yourself in a situation where you ssh from a machine with keys into a machine without keys. For a while I was picking up the (useless) keychain on the remote machine I sshed into, instead of the loaded keychain on the local machine I sshed from. This .profile refinement doesn't load keychain if it can find an active agent:

  if [[ `which keychain` ]]
  then
    if [[ ! ${SSH_CLIENT} ]]
    then
      keychain -q --noask; . ~/.keychain/`uname -n`-sh
    fi # [[ ! ${SSH_CLIENT} ]]

    alias  kc="keychain --timeout 540 ~/.ssh/id_dsa; . ~/.keychain/`uname -n`-sh"
  fi # [[ `which keychain` ]]

Update 2006/05: I recently switched from Gentoo keychain to SSHKeychain. It optionally integrates with the Apple Keychain (including automatic locking and loading of keys), and configures global environment variables for BBEdit and other co-operating tools.

http://sshkeychain.org/