- manage python script/venv to sign ssh host certificates - add approle_id to puppetmaster eyaml files - add class to sign ssh-rsa host keys - add facts to check if the current principals match the desired principals
- move vault certmanager tokens to drw1/syd1 specific eyaml - add syd1 certmanger token for syd1 vault
