To react on Secret Changes there is a Change Adjustment Callback that can be defined. If such Callback is defined a new rollout of a Deployment gets triggered when the secret is changed by Vault-CRD. This will then inject the new secret value and a reload of the secret can be enforced (e.g. start of new application context lookup in Spring Boot).
All secret types support this Change Adjustment via the following yaml snippet:
In this case the deployment nginx (same namespace as Vault resource) gets restarted when the secret was modified.
Resource Type that should be updated (Currently only deployment is supported)
Name of the Resource that should be updated (rollout redo)