Vault PKI in combination with Azure IoTEdge; using EST (Enrollment over Secure Transport)?

I’m wondering if anyone has experience with setting up Azure IoTEdge’s certificate design (w/ ‘Device CA certificates’ and ‘Workload CA certificates’).
One of my colleagues is asking for the possibility to integrate these with Vault’s PKI through the EST protocol (Enrollment over Secure Transport).

I can’t find anything that points me in the right direction, so I’m wondering if this is even supported, or if there’s alternative methods/protocols I can use.