To react on Secret Changes there is a Change Adjustment Callback that can be defined. If such Callback is defined a new rollout of a Deployment gets triggered when the secret is changed by Vault-CRD. This will then inject the new secret value and a reload of the secret can be enforced (e.g. start of new application context lookup in Spring Boot).