Using gpg for Secrets

I'm using direnv in my project, and sometimes want to set secrets such as AWS_ACCESS_KEY_ID and friends. I usually have a file like:

export AWS_ACCESS_KEY_ID=ABCDEFGHIJK
export AWS_SECRET_ACCESS_KEY=ABCDEFGHIJK/lmnopqrstuvwxyz
export AWS_DEFAULT_REGION=us-east-1

However I don't want to store these values in the clear. The solution I found was to encrypt the file with gpg and then have the following line in the .envrc:

eval $(gpg -qdo- ../../../aws.sh.gpg)