GPG + cURL

Nov 10, 2014

A very convenient feature of curl is that when invoked with curl -n, it tries to read credentials for the target service out of a local .netrc file and, if found, uses them for authentication. The trouble is that these credentials are stored in plain text by default, which is something that we'd like to avoid by using GPG.

The first step here is to encrypt your .netrc:

$ gpg -r <your email> -e ~/.netrc
$ ls ~/.netrc.gpg
$ rm ~/.netrc

Now we can use process substitution to pipe the decrypted contents of our .netrc file from gpg and have curl read them in (this should go in the appropriate *rc file for your shell):

$ alias curl="curl --netrc-file <( gpg --batch -q -d ~/.netrc.gpg )"

Because we’ve folded this into an alias, curl can be invoked normally:

$ curl -n https://api.heroku.com/apps
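After the steps above, a quick audit confirms that the plaintext copy is really gone and that the encrypted file is not readable by other users. This is an added example, not part of the original post; the function name netrc_audit and its messages are assumptions.

```shell
#!/bin/sh
# Added example: audit a home directory after the encrypt-and-remove steps.
# netrc_audit is a hypothetical helper name, not something curl or gpg ships.
# Usage: netrc_audit [DIR]   (DIR defaults to $HOME)
# Prints one line per finding; exit status 0 means clean, 1 means a problem.
netrc_audit() (
    dir=${1:-$HOME}
    plain=$dir/.netrc
    enc=$dir/.netrc.gpg
    rc=0

    # A leftover plaintext file defeats the point of encrypting it.
    if [ -e "$plain" ]; then
        echo "FAIL: plaintext $plain still exists"
        rc=1
    fi

    if [ ! -s "$enc" ]; then
        echo "FAIL: $enc is missing or empty"
        exit 1
    fi

    # Characters 5 and 8 of the ls mode string are the group and other read bits.
    if [ "$(ls -ld -- "$enc" | cut -c5,8)" != "--" ]; then
        echo "FAIL: $enc is readable by group or others (chmod 600 it)"
        rc=1
    fi

    # A file that was copied or renamed instead of encrypted still holds
    # readable netrc tokens; encrypted output should not.
    if grep -Eq '(^|[[:space:]])password[[:space:]]' "$enc"; then
        echo "FAIL: $enc contains plaintext netrc tokens"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: only the encrypted netrc is present"
    exit "$rc"
)
```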
