lazyweb | 2 years ago

My way of doing private SSL (not necessarily the easiest):

* own CA, to be distributed to all systems via Ansible playbook or Dockerfile directives

* HashiCorp Vault with the PKI engine enabled

* Ansible Hashivault module [1]

* Ansible role & playbook to tie it all together

* CI environment for automated deployment of SSL certs to target systems

Works flawlessly once set up, including restart/reload of affected services. Might do a writeup on my personal blog at some point.

[1] https://github.com/ansible-collections/community.hashi_vault
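
An added example, not part of the original comment and not the commenter's own playbook: a minimal Ansible play that requests a certificate from a Vault PKI mount with the community.hashi_vault collection, installs it with a locked-down key file, and reloads the affected service. The Vault URL, the mount `pki_int`, the role `internal-web`, the target paths, the `webservers` group and nginx are all assumptions; distribution of the CA certificate to trust stores is left out.

```yaml
# Added example. Vault URL, PKI mount, role name, paths and the nginx service
# are assumed values, not taken from the comment above.
- name: Issue and deploy a certificate from a private Vault PKI
  hosts: webservers
  become: true
  vars:
    vault_addr: https://vault.example.internal:8200   # assumed
    cert_cn: "{{ inventory_hostname }}"
    cert_dir: /etc/ssl/private-pki                    # assumed
  tasks:
    - name: Request a short-lived certificate from the Vault PKI engine
      community.hashi_vault.vault_pki_generate_certificate:
        url: "{{ vault_addr }}"
        auth_method: token
        token: "{{ lookup('ansible.builtin.env', 'VAULT_TOKEN') }}"  # injected by CI
        engine_mount_point: pki_int
        role_name: internal-web
        common_name: "{{ cert_cn }}"
        ttl: 720h
      delegate_to: localhost   # runs on the controller, which needs hvac installed
      become: false
      register: issued
      no_log: true             # the response contains the private key

    - name: Create the certificate directory
      ansible.builtin.file:
        path: "{{ cert_dir }}"
        state: directory
        mode: "0750"

    - name: Install the certificate followed by its issuing CA
      ansible.builtin.copy:
        content: "{{ issued.data.data.certificate }}\n{{ issued.data.data.issuing_ca }}\n"
        dest: "{{ cert_dir }}/{{ cert_cn }}.crt"
        mode: "0644"
      notify: Reload nginx

    - name: Install the private key, readable by root only
      ansible.builtin.copy:
        content: "{{ issued.data.data.private_key }}\n"
        dest: "{{ cert_dir }}/{{ cert_cn }}.key"
        mode: "0600"
      no_log: true
      notify: Reload nginx
  handlers:
    - name: Reload nginx
      ansible.builtin.service:
        name: nginx
        state: reloaded
```

As written, every run issues a fresh certificate and triggers a reload, so a scheduled CI job would normally gate the request on the remaining lifetime of the installed certificate. The CI token should be bound to a Vault policy that allows only issuing against this one PKI role.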
