I am running a Vault cluster on Docker Swarm in an AWS VPC, using auto unseal with KMS. Are there recommended ways to configure Vault to use secret engines on initialization, such as using the PKI secrets engine for signed SSH certs. Is this done through API calls or an SDK? Is there another way to configure the cluster to not need operator intervention on start, or does an engineer need to manually intervene?
Thanks for any feedback.