How is this done? with linux, the template has no password or ssh host keys, just public ssh keys. ansible does the rest.
whats the standard practice with windows? install windows instances by hand, and put their individual passwords in the vault? also thought template + sysprep, but then theres a window of opportunity for an attacker that has seen the template. we can do as much as we can to protect that template, but it doenst seem right to have to do, and is still a partially manual process. has anyone gotten an automated winrm with ssl cert setup working?