Use Vault agent of Apps pointing to Vault API directly


I would like to hear, from your experience, what is recommended, best practice to communicate with Vault from client side. Either calling VAULT API from apps (apps that has ready plugin to communicate with vault) directly to fetch the secrets or utilizing Vault agent to cache secrets locally on client side? What is main advantage of each?

Thank you!