Transit auto-unseal and periodic update requests

Help me understand why would cluster send periodic (each 10 mins?) update requests to an auto-unseal transit vault, if, as per docs, master key is decrypted on startup only and then stays in memory. Something doesn’t add up.

Audit log filled with: {"path":"transit/decrypt/unseal_key","op":"update","mount_point": "transit/", ...}

Vault servers verify autoseal’s health roughly every 10 minutes.

This was added as a periodic background check to warn operators about issues with connections to their HSMs and KMSes that would go unnoticed until the next unseal.