Turns out the
pass command on your local Linux box can be used for a bunch of encryption-related things in addition to what most of us use it for: managing a user’s password.
One cool example is you can hide API keys from shoulder surfers (and
history’s memory) by storing the key encrypted on disk and using
pass to access it at runtime:
curl -H "API-Key: $(pass provider/api_key)" ...