Fetching Remote Encryption Key for MariaDB

I’ve set up encryption at rest for MariaDB but I can’t seem to get my key fetching service to fetch the key.

I have the following fetch script and a systemd service set up.

# Fetch the encryption file for MariaDB, restart service, then remove file
/usr/bin/wget -P /etc/mysql https://example.com/my_maria_key.key 
/bin/systemctl restart mysql
sleep 10
rm /etc/mysql/my_maria_key.key
touch /tmp/mariadb.started
exit 0

And my systemd service file:

[Unit]
After=network.service

[Service]
ExecStart=/etc/rc.local

[Install]
WantedBy=default.target

I made sure I enabled the service and I can run the service using:

sudo service fetch_key restart

But it doesn’t fetch the key.

What have I done wrong?

ADDING .CNF FOR REFERENCE

[mysqld]
plugin_load_add=file_key_management
file_key_management = ON
file_key_management_filename = /etc/mysql/secretkeyname.enc
file_key_management_filekey = FILE:/etc/mysql/.key
file_key_management_encryption_algorithm=aes_cbc
encrypt_binlog = 1
innodb_encrypt_tables = ON
innodb_encrypt_log = ON
aria_encrypt_tables = ON
encrypt_tmp_disk_tables = ON
innodb_encryption_threads = 8
innodb_encryption_rotate_key_age = 0 # Do not rotate key

ADDING VARIOUS KEY GENERATION RESULTS

when using wget via sudo in the terminal: 
644 -rw-r--r-- root root 620 mysecretkey.enc

letting the service download the key:
660 -rw-rw---- root root 620 mysecretkey.enc

generating the key with openssl:
644 -rw-r--r-- root root 336 mysecretkey.enc

mkdir /etc/systemd/system/mariadb.service.d

[Service]
ExecStartPre=/usr/bin/wget -P /etc/mysql https://example.com/my_maria_key.key
ExecStartPost={something to ensure the key is loaded - mysql -e '...' } 
ExecStartPost=rm my_maria_key.key