I think i understood what you were doing ... but instead of storing the secret Keyfile on the unraid Server, now you have your credentials to access your free Provider nextcloud storage written in plain text in the "curl -u ..." Statement (within the fetch_key script). Thats what i meant with "replacing one secret with another".
But if thats fine for your needs, im the last one to complain
Greetings, Dirk