The right way to build CA-less "site-to-site" OpenVPN setups is now certificate fingerprint validation (T5271). Since the --secret option will be removed in OpenVPN 2.7, we need to warn users that they should migrate away from it.
WARNING: The shared-secret-key option is deprecated and will be removed in VyOS 1.5. Consider using OpenVPN with self-signed certificates and fingerprint validation instead. Consult the documentation for details: <URL here>
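A pre-upgrade audit in the spirit of this warning, as an added example (not code from VyOS or from this task): it scans configuration in `set` command form and reports which OpenVPN interfaces still use shared-secret-key. The function names, the sample configuration and the assumption that the replacement is configured under `tls peer-fingerprint` are this example's own.

```python
import re

# Constructed sample in the style of `show configuration commands` output.
# Object names and the fingerprint value are placeholders, not real data.
SAMPLE = """\
set interfaces ethernet eth0 address dhcp
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 shared-secret-key ovpn-psk
set interfaces openvpn vtun1 mode site-to-site
set interfaces openvpn vtun1 tls certificate ovpn-local
set interfaces openvpn vtun1 tls peer-fingerprint PLACEHOLDER-SHA256-FINGERPRINT
set interfaces openvpn vtun2 tls ca-certificate ovpn-ca
"""

_SET_RE = re.compile(r"^set interfaces openvpn (\S+) (.+)$")


def audit_openvpn(commands):
    """Map each OpenVPN interface to how it authenticates its peer."""
    seen = {}
    for line in commands.splitlines():
        m = _SET_RE.match(line.strip())
        if not m:
            continue  # not an OpenVPN interface setting
        iface, rest = m.groups()
        flags = seen.setdefault(iface, set())
        if rest.split()[0] == "shared-secret-key":
            flags.add("secret")
        elif rest.split()[:2] == ["tls", "peer-fingerprint"]:
            flags.add("fingerprint")
    status = {}
    for iface, flags in seen.items():
        if "secret" in flags:
            status[iface] = "shared-secret"  # deprecated, must migrate
        elif "fingerprint" in flags:
            status[iface] = "fingerprint"    # CA-less replacement
        else:
            status[iface] = "other"          # e.g. CA-based TLS
    return status


def needs_migration(commands):
    """Interfaces that still rely on the deprecated shared secret."""
    return sorted(i for i, s in audit_openvpn(commands).items() if s == "shared-secret")


if __name__ == "__main__":
    for iface in needs_migration(SAMPLE):
        print(f"{iface}: shared-secret-key is deprecated, migrate to tls peer-fingerprint")
```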