I have recently set up Vault’s storage backend with Consul (TLS enabled).
There are three TLS settings for the storage “consul” stanza (tls_ca_file, tls_cert_file, tls_key_file). Is it correct to use the Consul Connect standard CA file for the CA setting, and then generate a special client cert and key file for Vault as a client of Consul, using this CA?
The TLS setup is quite involved for Consul, so forgive me if I’ve misunderstood something.