diff --git a/src/pins/tang/clevis-decrypt-tang b/src/pins/tang/clevis-decrypt-tang
index 72393b49..4109ff1f 100755
--- a/src/pins/tang/clevis-decrypt-tang
+++ b/src/pins/tang/clevis-decrypt-tang
@@ -101,7 +101,14 @@ xfr="$(jose jwk exc -i '{"alg":"ECMR"}' -l- -r- <<< "$clt$eph")"
 rec_url="$url/rec/$kid"
 ct="Content-Type: application/jwk+json"
-if ! rep="$(curl -sfg -X POST -H "$ct" --data-binary @- "$rec_url" <<< "$xfr")"; then
+
+# Check if netrc-file option exists
+curl_net_rc_file="--netrc-file /root/.netrc"
+if ! curl --netrc-file /root/.netrc ${url}; then
+ curl_net_rc_file=""
+fi
+
+if ! rep="$(curl "${curl_net_rc_file}" /root/.netrc -sfg -X POST -H "$ct" --data-binary @- "$rec_url" <<< "$xfr")"; then
 echo "Error communicating with server $url" >&2
 exit 1
 fi
diff --git a/src/pins/tang/clevis-encrypt-tang b/src/pins/tang/clevis-encrypt-tang
index fddb7f32..0fed6914 100755
--- a/src/pins/tang/clevis-encrypt-tang
+++ b/src/pins/tang/clevis-encrypt-tang
@@ -75,6 +75,12 @@ if ! url="$(jose fmt -j- -Og url -u- <<< "$cfg")"; then
 exit 1
 fi
+# Check if netrc-file option exists
+curl_net_rc_file="--netrc-file /root/.netrc"
+if ! curl --netrc-file /root/.netrc ${url}; then
+ curl_net_rc_file=""
+fi
+
 thp="$(jose fmt -j- -Og thp -Su- <<< "$cfg")" || true
 ### Get the advertisement
@@ -92,7 +98,7 @@ elif jws="$(jose fmt -j- -g adv -Su- <<< "$cfg")"; then
 fi
 thp="${thp:-any}"
-elif ! jws="$(curl -sfg "$url/adv/$thp")"; then
+elif ! jws="$(curl "${curl_netrc_file}" -sfg "$url/adv/$thp")"; then
 echo "Unable to fetch advertisement: '$url/adv/$thp'!" >&2
 exit 1
 fi
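Review bot: In clevis-decrypt-tang (hunk @@ -101,7 +101,14 @@), the rewritten `curl` call passes `"${curl_net_rc_file}"` as one quoted word and leaves a literal `/root/.netrc` after it. curl therefore gets `--netrc-file /root/.netrc` as a single unrecognised argument (or an empty argument once the variable is cleared), and would likely treat the stray `/root/.netrc` as a second URL for the POST that carries `$xfr`. The check above it does not test for the option either: `curl --netrc-file /root/.netrc ${url}` makes a real, unquoted request whose body goes to the script's stdout, and any network failure silently disables the credentials. The same probe is repeated in the clevis-encrypt-tang hunk at @@ -75,6 +75,12 @@. Holding the options in an array and enabling them only when the file is readable avoids both problems, as in the excerpt below.

```shell
# Pass netrc credentials only when the file is present; no request is made to find out.
curl_netrc_opts=()
if [ -r /root/.netrc ]; then
    curl_netrc_opts=(--netrc-file /root/.netrc)
fi

if ! rep="$(curl "${curl_netrc_opts[@]}" -sfg -X POST -H "$ct" --data-binary @- "$rec_url" <<< "$xfr")"; then
# … unchanged: error message and exit 1 …
```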
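Review bot: In clevis-encrypt-tang (hunk @@ -75,6 +75,12 @@), the probe sits ahead of the advertisement logic, so the server at `$url` is contacted even when the configuration already supplies `adv` (the `jose fmt -j- -g adv` branch visible in the next hunk). The response body is also written to the script's stdout, which presumably is meant to carry only the script's own output; that should be confirmed against the rest of the file. `${url}` comes from `$cfg` and is expanded unquoted, so a value containing whitespace is split into extra curl arguments; write it as `"$url"`. Because the netrc credentials travel over whatever scheme `$url` uses, add a comment such as `# netrc credentials are only protected in transit when $url is https`, or check the scheme before enabling the option.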
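Review bot: In clevis-encrypt-tang (hunk @@ -92,7 +98,7 @@), the call expands `"${curl_netrc_file}"`, but the variable assigned earlier in this file is `curl_net_rc_file`. The expansion is therefore always empty (or fatal if the script runs with `set -u`, which is not visible here), so the netrc option is never passed. The quoted empty string also reaches curl as an empty argument ahead of the real URL. Use one name and expand it so that a disabled option contributes no argument, for example `curl_netrc_opts=(--netrc-file /root/.netrc)` at the assignment and `elif ! jws="$(curl "${curl_netrc_opts[@]}" -sfg "$url/adv/$thp")"; then` here. The `if`/`elif` chain this line belongs to starts above the hunk.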