This should be a blog post, and I'll make it one when I have more than 5 mins to spare. For instance these examples are hard-coded for my github SSH key, rather than parameterised.
Based on [this SO question](https://stackoverflow.com/questions/1340366/how-to-make-ssh-receive-the-password-from-stdin)
Rather than use `pass -c` to copy an SSH key passphrase to your system clipboard and then paste it at the ssh-askpass prompt (which is not very secure: any program can read the clipboard), you can use an `SSH_ASKPASS` script to retrieve the passphrase from [password store](https://www.passwordstore.org/) and give it to `ssh-add`.
1. Make a script that retrieves the passphrase from `pass` (which in turn will prompt for a master passphrase if needed, via GnuPG PinEntry):
```sh
#!/bin/bash
pass github/sinewalker|head -1
```
2. Use this as the `$SSH_ASKPASS` script to `ssh-add`. Note the extra `$DISPLAY` environment variable and redirection trickery to convince ssh-add to use the script:
```sh
#!/bin/bash
export DISPLAY=dummy
export SSH_ASKPASS=/path/to/above/script
ssh-add /path/to/keys/github < /dev/null
```