Essentially this method requires downloading a vault-ssh-helper executable and storing it in the usr/local/bin location on the host that you want Vault to manage ssh secrets for. Some modifications of the /etc/pam.d/ssh and /etc/ssh/sshd_config files to leverage the vault ssh helper is also required.
Before digging too much deeper into this approach, is this something that would be possible with ONTAP? And would it be a supported configuration?
There's support for KMIP looks like. I don't think modifying SSH config works like that, so I would talk to the account team and see about what is needed to get a supported configuration. I don't think it's impossible, but definitely the account team can reach out to internal resources to get confirmation or a fPVR if needed.