Bootstrapping and CI best practice

If i have created a vault instance. How would i programmatically generate an admin user/token. pass the new token to a CI to then be able to access vault to then be able to create policies and users in vault from terraform?

Is it generally stuck together with some bash scripts in post creation of a vault instance or are there some best practices I could follow?

In my case the vault is created with a helm chart, and i would need to be able to get the token all the way to azure devops