How to pass the key for secure and hidden properties to CloudHub via both API and Maven in CI/CD during deployment

<?xml version="1.0" encoding="UTF-8"?>

<mule xmlns:secure-properties="http://www.mulesoft.org/schema/mule/secure-properties" xmlns:http="http://www.mulesoft.org/schema/mule/http"
	xmlns="http://www.mulesoft.org/schema/mule/core"
	xmlns:doc="http://www.mulesoft.org/schema/mule/documentation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/secure-properties http://www.mulesoft.org/schema/mule/secure-properties/current/mule-secure-properties.xsd">
	<http:listener-config name="HTTP_Listener_config" doc:name="HTTP Listener config" doc:id="8bab1c72-ea72-45b0-905e-70919e21366e" >
		<http:listener-connection host="0.0.0.0" port="${http.port}" />
	</http:listener-config>
	<secure-properties:config name="test" doc:name="Secure Properties Config" doc:id="3ba526bf-ad92-41ec-be0d-22f397dae517" file="file1.yaml" key="${key}" >
		<secure-properties:encrypt algorithm="Blowfish" mode="CBC"/>
	</secure-properties:config>
	<global-property doc:name="Global Property" doc:id="7e8debde-3ff8-46eb-ac55-f6ba23c0418a" name="prop" value="my-${secure::properties.example2}" />
	<flow name="secure-pFlow" doc:id="bca5a241-dd23-42ae-825d-5168435c6ee3" >
		<http:listener doc:name="Listener" doc:id="e9a8b85d-d980-4548-bfc7-21837afbebcb" config-ref="HTTP_Listener_config" path="/"/>
		<logger level="INFO" doc:name="Logger" doc:id="85eda4f3-5986-48a9-9987-91241e9e4b35" message="the logger = ${key}, ${prop}"/>
	</flow>
</mule>

properties:
  example2: "Salesforce"

Now, here is more information to download the JAR file to help encrypt your properties file, along with basic instructions. For our example, we can use the command below. The key used to encrypt is "mulesoft":

java -jar secure-properties-tool.jar file encrypt Blowfish CBC mulesoft file0.yaml file1.yaml

properties:
  example2: "![BTl9o3IxSXj0Tom2U5KRlg==]"

CloudHub:

Here is the cURL command to deploy this application to Cloudhub. Notice that I am sending the decryption key as a property. Also, please replace the file path to your JAR file on your local.

curl -X POST \
https://anypoint.mulesoft.com/cloudhub/api/v2/applications \
-H 'authorization: bearer <your token>' \
-H 'cache-control: no-cache,no-cache' \
-H 'content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW' \
-H 'x-anypnt-env-id: <your env id>' \
-H 'x-anypnt-org-id: <your ord id>' \
-F 'appInfoJson={
"domain": "a-domain",
"muleVersion" : {"version":"4.1.4"},
"region" : "us-east-2",
"monitoringEnabled":true,
"monitoringAutoRestart" : true,
"workers": {"amount":1, "type": {"name":"Micro","weight":"0.1","cpu":"0.1 vCores", "memory":"500 MB memory"}},
"loggingNgEnabled":true,
"persistentQueues":false,
"properties":{
"key":"mulesoft"
}
}' \
-F autoStart=true \
-F file=@/Users/randall.tom/secure-p.jar

Maven:

<cloudHubDeployment>
            <uri>https://anypoint.mulesoft.com</uri>
            <muleVersion>4.1.3</muleVersion>
            <username>my username</username>
            <password>my password</password>
            <applicationName>ktn1</applicationName>
            <environment>Sandbox</environment>
            <properties>
                <key>${keyValue}</key>
            </properties>
</cloudHubDeployment>

Here is the Maven command to deploy and pass the secret key:

mvn clean deploy -DmuleDeploy -DkeyValue=mulesoft