To react on Secret Changes there is a Change Adjustment Callback that can be defined. If such Callback is defined a new rollout of a Deployment gets triggered when the secret is changed by Vault-CRD. This will then inject the new secret value and a reload of the secret can be enforced (e.g. start of new application context lookup in Spring Boot).
All secret types support this Change Adjustment via the following yaml snippet:
In this case the deployment nginx (same namespace as Vault resource) gets restarted when the secret was modified.