Best practice for multiple VaultDynamicSecret with one deployment

I’m considering using vso to manage database credentials, but I have some concerns that this requires app restart or reload upon retention.

I wonder if it’s possible to coordinate multiple VaultDynamicSecret to retente at the same time to reduce app restart as much as possible.

And what is the best practice if I’m going to use multiple dynamic secret in a single deployment?

Are you planning to use the Database secrets engine for this? I didn’t want to assume that was the intent.

For the database secrets engine, this would be a VaultDynamicSecret custom resource:

If you are planning some other means to provision credentials, you could have multiple k/v pairs as part of a single VaultStaticSecret:

As for app restarts, that is dependent on how the app behaves. You could use RolloutRestartTarget if the app does require a restart, but again this does depend on your specific app behavior: