Chef-Vault on new build


I want to build my Windows servers using chef, I have my recipes and I’ve tested them individually and they are all working. I’m looking for some suggestions/best practices on chef vault and a new node. I have a script that self-bootstraps the node, this is working great. The issue I’m having is the node doesn’t have a key pair that is required for chef-vault so my build halts at this point. How can I execute a chef-vault refresh from a node that is being built or what is the best method for accomplishing what I’m trying to do?