I created an issue in Vault repository asking about if it would be possible to deploy Vault securely and at the same time make it accessible for the end-user managing it by publishing it with certificates signed with a trusted CA (like Let’s Encrypt, DigiCert or whichever).
Although the documentation states that the recommended way of deploying it is “End-to-End TLS”, the helm chart provides a way of securing it at the edge (https://github.com/hashicorp/vault-helm/blob/master/values.yaml#L145-L162) which seems confusing. End-to-end TLS recommended but at the same time chart provides a handy way of not making it as secure as what production hardening guides says?
Would it be possible to clarify?