Move our secrets from chef-vault to an agnostic provider solution
We need to evaluate Vault to store all our secrets and, if it ticks the checkbox, decommission encrypted data bags and open source chef-repo.
We need at least one standby instance and an offline copy for disaster recovery.
Terraform should manage the instance.