Recommended path for operators to access HCP Consul from a laptop

We have just wired up our first couple services with HCP Consul and I just realized that tools like envconsul and consul-template won’t work on my laptop as developer tools because HCP only responds to agent requests over the private subnet.

Is setting up Boundary the only option here? Are there other (perhaps less savory) options for reaching the server cluster? We do not yet have all our services in the private subnet space, so, at least in the short term, using an AWS IGW and NLB is available to us, though I’m not sure the HCP-issued certificates will support that.

We definitely want to go in the Boundary direction, but with it not yet available as an HCP managed product, we are trying to figure out if it makes sense to go through the effort to self-host if there’s a shortcut that we can take while we wait for the managed solution.

Just wanted to see if there’s any news on this front. It’s been 10 months almost to the day since the previous post, and lots has happened. I haven’t yet seen much in terms of how to go about accessing HCP resources on a private subnet such that developers or end-users could still access secrets engines. Boundary allows access to database secrets engines in Vault, but I would love to be able to issue tokens for Consul and Vault, access KV data from Consul and Vault, and get AWS credentials issued via Vault secrets engines.

Is there a way to use these tools together, or would an integration in Boundary need to be built out first? Has someone already figured this out?

Thanks in advance,
Sam