Question 1. In reading the Vault deployment guide (Vault with Consul Storage Deployment Guide | Vault - HashiCorp Learn), it is recommending a Consul Storage Reference Architecture. I took this to mean it is best practice to use Consul as the storage backend - however, reading the Vault docs, it looks like that has perhaps changed to Integrated Storage. If I am not yet using Vault or Consul, and Vault is my primary use case at this time, should I just run Vault with integrated storage and enable Consul at a later date?
Question 2. If it is still good practice to use Consul, I’m having a hard time determining the best approach regarding TLS - as we have an internal PKI, I thought having internal CA signed certs would work, but they are failing Consul cert verification on the server, as our cert is signed based on the hostname - I attempted to override that with the ‘server_name’, however that appears to be ignored - not working.
So I thought I would try to use the Consul CA - but in those docs it seems to suggest using Vault for the cert management - but without Consul currently I have no Vault.
Feeling a little bit like a dog chasing its tail in the docs and could use a little direction/best practice.
I think for now I will go the Vault Integrated Storage route and add Consul at a later date. As I said previously, Vault is my primary use case and Consul seems like a ‘nice to have’ at this time - but still, it would be helpful to understand the order.