we are running vault in k8s and vault itself is using a certificate which gets automatically issued using cert-manager. I just rotated the cert and it looks like vault is still using the old certificate out of memory instead of regularly checking for changes regarding the mounted secret containing the certificate.
I assumed a cloud-friendly application like vault would behave like an ingress, that checks for changes every few minutes and automatically serves a new certificate if the secret behind it changes.
Is there a way to make vault aware of the new cert without reloading or spawning new pods? I would like to be able to rotate certs without having to unseal vault every x days.