- created approle 'certmanager' using 'certmanager' policy - update certmanager script to generate token based on roleid
- add certmanager script and config.yaml file - install into pyenv for certmanager - deploy to puppet-masters only
