I’m building a project based on microservices. After playing a bit with openssl and cfssl I have decided to use vault for the system PKI.
I want all my connections secured with TLS. I want to use etcd or consul as my storage backend. For that, I need to provide TLS certificates for etcd or consul. And here’s the cycle: if I want to use vault to create the certificates, but I can’t configure vault backend because I don’t have the certificates for consul, what’s the way to go?
I know this is not a stopper. I have many ways of creating certs. But is there any best practice or common approach for that?