Which mechanism allows externalizing sensitive credentials in Mule 4 configuration?

Externalizing credentials is achieved through property placeholders. By keeping sensitive values in an external properties file (or environment), you reference them in the Mule configuration using ${property.name}. This decouples secrets from your code, making it easy to swap credentials per environment without touching the application logic, and it supports secure handling when you use encrypted or secure property sources. The TLS keystore is for SSL/TLS certificates and securing transport, not for externalizing credentials in the app config. Hard-coded strings or default values in code embed secrets directly, which defeats the purpose of externalization.