Vault database connection over consul connect

This may be a basic question, and I am never sure what category to put these questions in that involve multiple products, but I have a Postgres database running on a Nomad cluster with a Consul Connect proxy providing access to services. The Vault cluster is running on bare metal; what is the best and most efficient route to let Vault access this database through Consul Connect to manage database credentials?

ingress gateway?

So I attempted to set up ingress gateways for both Postgres and MQTT so Vault can control. The service checks go green, but it looks like HTTP and fails with MQTT complaining about SSL.

I realize this probably should go in the Consul category at this point. Also, is there a suggested way to get an Envoy proxy binary on Raspberry Pi?

cat ingress-postgres.hcl
Kind = "ingress-gateway"
Name = "ingress-postgres"

Listeners = [
  {
    Port     = 5432
    Protocol = "tcp"
    Services = [
      {
        Name = "database-postgres"
      }
    ]
  }
]

consul connect envoy -gateway=ingress -register -service ingress-postgres -address '{{ GetInterfaceIP "eno1" }}:5432' -admin-bind 127.0.0.1:19001

I have run into this issue as well and did not figure out a solution. An answer or pointing me in the right direction would really help me out.

I wonder if native integration would be the best solution