Can someone explain why does Consul encryption use two separate methods? For example, Gossip encryption uses a shared key while RPC encryption uses PKI X.509 certificates.
Wouldn’t it be simpler and easier on secrets sprawl to have the option to encrypt all communications with the X.509 certificate?