# How does Vault-CRD work?

### How the creation workflow works

![](https://3180634878-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LA_1OIwFdEfn7NgUrzF%2F-LA_6HOkRlnlUYhQL68v%2F-LA_6deH3NBK9gW2Yyw0%2FUntitled%20Diagram.png?alt=media\&token=12acbb49-e66a-4a6d-a220-af5809799360)

A) The Vault-CRD receives event for new Vault resources\
B) Vault-CRD requests secret from HashiCorp Vault\
C) Vault-CRD generates new Kubernetes Secret

### How the updating workflow works

![](https://3180634878-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LA_1OIwFdEfn7NgUrzF%2F-LA_6HOkRlnlUYhQL68v%2F-LA_7DReQ7lPMMrOqosS%2FUntitled%20Diagram%20copy%202.png?alt=media\&token=d99601d5-abbf-439a-9a54-58bba233344d)

1\) Vault-CRD has a scheduled task that looks to the Secrets generated by it\
2\) It compares the Kubernetes Secret with the HashiCorp Vault state and updates the Kubernetes Secret if  necessary