Continuing the discussion from How to overcome the chicken and egg problem of consul and vault encryption?:
I loved this original post; it has continued to represent something of a paradox in adopting HashiCorp tools. Each product’s documentation makes reference to other components without saying how they come into being, and it’s easy to see a Catch-22.
I collected some of my thoughts on the topic here:
“… From nothing, we deploy bare machines with only an OS, and the only thing they know about is themselves and the network that they are connected to. The principles of zero-trust mean that they can’t just join existing infrastructure without credentials, but those credentials are generated by the infrastructure, which is itself a higher-order manifestation of the computatoms themselves…”
Would love to engage in any conversation that it sparks!