About the method of pulling secret to the application on kubernetes

We are planning to pull our secrets to our applications running in kubernetes environment through Vault.
We have installed a vault agent on the Kubernetes server. When the application is launched, we contact the agent with the external Vault and pull the secrets through the init container with the kubernetes auth method. (Vault agent init)
But our main question is how do we get the application to pull the password once every 30 days after it has pulled the password. What is best practice?

can you support on this topic?

Sidecar uses templates to keep your secrets up to date with what is stored in Vault.