Distribute Consul Server Certificates

Hi everyone,

I’m having some issues figuring out the best way to automate generating the Consul server certs and distributing them to the other servers. I plan on using auto-encryption for the clients, which seems straightforward. I am using Terraform to create droplets in DigitalOcean based off of images I created with Packer. I am able to fully automate the creation of a HashiStack cluster (Consul, Vault, Nomad), but am now at the point of trying to figure out the best way to enable TLS for all of them. I am starting with Consul.

I know I can easily run the consul commands to create the certs on my first server, but how are people automating getting these certs to their other Consul servers? Some ideas I had were to upload the certs into DigitalOcean Spaces (like S3) and download them to the servers, or have the certs on my build agent and SCP them as part of the build… Not really sure. What is everyone else doing to automate this?
