Vault integration with Cache-Only Key Service

Hi. I am new to Vault and I have a question regarding its integration options.

In one specific use case, I am supposed to implement HYOK for Salesforce (https://help.salesforce.com/articleView?id=security_pe_byok_cache.htm&type=5) I would like to do that with Vault (if possible).

Does anyone know if this would work out of the box or what must be done to implement that use case? Does Vault offer an encryption service endpoint that can deliver a key as Salesforce expects it?

Many thanks!

I implemented my own solution: GitHub - p15r/distributey: distributey acts as middleman between a key consumer and a key service. It receives requests designated to the key service, fetches key material and sends JWE-wrapped (RFC7516) responses to the consumer.