I am interested how do you setup and manage Vault cluster TLS certificates/keys. For me it seems to be a big chicken-egg problem.
For example, if you have in a private cloud 3 instances acting as Vault servers and 10 instances that have Vault Agents, those Vault Agents need a TLS connection to the servers. So where do the 3 servers get their certificates in the first place, how do you get the certs and keys into the agent instances, and how would you manage their life cycle?
Are you using Vault to do the initial setup and manage its own certificate life cycle, or do you manage it outside the Vault ecosystem with something like Ansible and OpenSSL?