Managing secrets on a development machine: how do you do it?

Vault is fine; it’s a key-value store with fine-grained ACLs on top. You should never use it to store any kind of secure material that lets you establish identities/authenticate between your services.

Your code that you check in should, upon startup, establish the process identity (e.g. generate a key and get it signed as a cert, or grab some short-lived token to be sent in HTTP headers); it should just ask the runtime environment for it. These can/should be short-lived, ephemeral, tied to that process incarnation as much as possible to prevent security issues… [that avoids the issue of storing them; there’s nothing to store, because you’re not reading it. And you’re not using globally visible and often-logged environment variables or command-line arguments]
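
The startup step described in the post above, sketched in Go as an added example that is not part of the original post: the process creates a key in memory, sends a CSR, and gets back a short-lived certificate. `newDevCA`, `issue`, `startupIdentity` and the service name `orders-svc` are hypothetical, and the in-process CA is an assumption standing in for whatever signer the runtime environment exposes.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err) // no identity, no startup
	}
}

func issue(t, parent *x509.Certificate, pub interface{}, key ed25519.PrivateKey, ttl time.Duration) *x509.Certificate {
	t.NotBefore, t.NotAfter = time.Now().Add(-time.Second), time.Now().Add(ttl) // validity is bounded by ttl
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, key)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert
}

func newDevCA() (ed25519.PrivateKey, *x509.Certificate) { // constructed stand-in for the runtime's signer
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "dev-ca"}, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	return key, issue(t, t, pub, key, time.Hour)
}

func startupIdentity(caKey ed25519.PrivateKey, ca *x509.Certificate, name string, ttl time.Duration) (ed25519.PrivateKey, *x509.Certificate) {
	_, key, err := ed25519.GenerateKey(rand.Reader) // private key lives only in this process's memory
	must(err)
	der, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: name}}, key)
	must(err)
	csr, err := x509.ParseCertificateRequest(der) // signer side from here on: only the CSR crossed over
	must(err)
	must(csr.CheckSignature()) // the requester must hold the matching private key
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: csr.Subject, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	return key, issue(t, ca, csr.PublicKey, caKey, ttl)
}

func main() {
	caKey, ca := newDevCA()
	_, cert := startupIdentity(caKey, ca, "orders-svc", 10*time.Minute)
	fmt.Println(cert.Subject.CommonName, "expires", cert.NotAfter.Format(time.RFC3339))
}
```

Nothing here is read from disk, an environment variable or a command-line argument; a restarted process gets a fresh key and certificate, and the old pair simply expires.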