Use personal Access tokens with netrc

Hello,

I did not find in the doc how to configure a PAT in netrc.
Since the curl call is in a script, I want to avoid having the PAT in clear and in the repo. I tried to set it up in netrc, but I always get a sign-in page.

This works

$ curl -L --header "PRIVATE-TOKEN: glpat-XXXX" "https://gitlab.local/api/v4/projects/278/repository/files/files%2Flauncher.py/raw" 
#!/usr/bin/env python3
[...]

This does not

$  grep gitlab ~/.netrc
machine gitlab.local login matm password glpat-XXXX

$ curl -Ln "https://gitlab.local/api/v4/projects/278/repository/files/files%2Flauncher.py/raw" 
{"message":"404 Project Not Found"}

Token has only read_repository, but since it works with --header, this is not an issue.
We’re using SAML Auth, if that matters.
Any help welcome

Have you found a solution in the meantime? I have the same problem.

Nope. Just tested again with a repo from gitlab.com, no luck.

Reading How do I use a HTTP access token in a .netrc file from Atlassian support, it may look like gitlab is lacking a conversion path from password to token

@matthiasdotsh You may comment this issue to add weight: Personal Access Tokens should be usable in the API with basic auth (#341157) · Issues · GitLab.org / GitLab · GitLab