Hi,
I've started work on a webhook secrets backend for Vault, just thought I'd mention it here if it's something that would be useful to others:
Upon writing to a path in this backend (eg. "/webhook/destination/perform-foo"), Vault will sign a JSON document and POST it to a specified URL, allowing services to delegate authz/authn/audit work to Vault, which is super useful for internal tools that perform privileged operations.
It works in my testing environment, but is not yet battle hardened. Feedback welcome.
Cheers,
JAmes