I tried to understand how this works on bare metal. After installation with ignition file provided on a local file system, is the file still accessible unencrypted anywhere after the installation completes?
It is accessible to the root user after installation (coreos-installer) but is automatically removed after provisioning (Ignition). No user-provided code runs before provisioning, so the former shouldn't be an issue. The bare-metal Ignition config has been
improperly accessible in the past (CVE-2021-3917) but this is fixed in current Fedora CoreOS releases.
For machines that are remote and no human interaction is possible, I don't see how credentials in ignition can be avoided. Even if hashicorp is used, then some credentials for hashicorp should be present. Or am I mistaken?
That's fair. Dedicated platforms are in a position to offer more authentication and access-control options, such as single-use credentials for bootstrapping, but long-term credentials may be needed in some environments.