Vault HA vulnerability with single EasyRSA unit

Hi, my company is planning on moving to an on-prem private cloud, using Charmed OpenStack and managing the node enlistment etc with MAAS. We have been working with prototype MAAS and OpenStack deployments for around a month and are working into more HA/prod type deployments.

We have been basing our deployments on the Charmed OpenStack Guide and have been slowly implementing more HA services in our deployments as we test. Our primary guide for HA has been the OpenStack Infrastructure HA page in their Charm guide. We have implemented Vault HA with the linked guide. On review, we realized that there is a single point of failure with the EasyRSA charm. It also appears that the EasyRSA charm does not currently support HACluster itself and when looking into it found this bug (EasyRSA scale out broken #1809377).

I haven’t been able to parse the work-arounds in the bug comments and was wondering if anyone has encountered issues with EasyRSA as a single point of failure in a Prod environment or if there are any good/documented work-arounds, currently? It looks like it might be possible to move the certificates relationship from EasyRSA to Vault once Etcd is finished bootstrapping but it was unclear (bottom of this page).