Had a similar issue, came up with this idea:
Hi @mouglou ,
I hope you are still reading this, since I just came up with a similar idea.
I plan on creating short lived bootstrap certificates (in Ansible) and switch them out with one created by Vault later using consul-template or the vault agent and restart the node.
1 Like