No chmod, no umask. Do you create all secrets world-readable?
Apart from that, fewer dependencies is always better. I couldn’t see any hard reason to be bash-specific, so a reduction to POSIX /bin/sh would be even better, because then you catch all the BSDs as well, although they’d still need curl from packages/ports/pkgsrc.
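The permission point raised in the comment above, as an added example in POSIX sh (not part of the original comment or of the script it reviews; `write_secret` and `file_mode` are hypothetical helper names): a secret is created under a restrictive umask so it is never group- or world-readable, even when it replaces an older file with wider permissions.

```sh
#!/bin/sh
# Added example, POSIX sh only. write_secret and file_mode are hypothetical names.

# write_secret DEST: store stdin at DEST with mode 0600.
write_secret() {
    dest=$1
    (
        # Subshell: the caller's umask and shell options are left untouched.
        umask 077            # new files get 0666 & ~077 = 0600 from creation on
        set -C               # noclobber: '>' fails if the temp file already exists
        tmp="$dest.tmp.$$"
        : > "$tmp" || exit 1 # exclusive create, already 0600
        trap 'rm -f -- "$tmp"' EXIT
        cat >> "$tmp" || exit 1
        # Renaming over DEST replaces an older, possibly world-readable file;
        # a plain '> "$dest"' would keep that file's existing mode.
        mv -f -- "$tmp" "$dest" || exit 1
        trap - EXIT
    )
}

# file_mode PATH: print the ten-character mode string, e.g. -rw-------
file_mode() {
    ls -ld -- "$1" | cut -c1-10
}
```

Creating the file and running `chmod 600` afterwards leaves a short window in which it is readable under the default umask; setting the umask first avoids that window.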