Automatically update vault secrets into kubernetes

All the secrets used by our application are stored in Vault. During deployment, we utilize an internal tool to retrieve secrets from Vault and load them onto the pods. Now, we have a secret which gets updated every month and it requires a restart or deployment. Is there a solution available that automates the process of updating the secret on the pod whenever it is modified on Vault? FYI - our secrets are loaded as files on the pods.

I checked online and I see two options:

1 - Vault agent used as side car container
2 - Vault operator (something new)

Sidecar would fit in nicely.

That Hashicorp Vault Secrets Operator could do as well, I guess -- I didn't know about it, TBH.

You could attach secrets as CSI Volumes

Inject them using Hashicorp Vault Agent

And we could mention: the External Secrets Operator, which can integrate with other vaults (eg: aws, a remote kubernetes cluster API, ...)

1. If you mount a kubernetes secret into the deployment, an update of the deployment should not be needed anymore.

2. You can automate the updating of the kubernetes secret itself with a job or a cronJob depending on you needs. If you can utilize an event that trigger a kubernetes job to fetch the new secrets and update the kubernetes secret, you should do that. If you want to run the job like on every first day of the month at a specific time you can use a cronJob.

Best regards