Describe the request
When refreshing secrets in keyvault, it would be great if all the pods depending on those secrets didn't have to be restarted, and instead the secrets in the pods were updated after some delay
Explain why Key Vault FlexVolume needs it
Unless I'm holding it wrong at the moment, it seems that if I were to change a password in keyvault, any pods currently using that secret would continue to have the old version reflected in the flexvol until the pod is restarted
Describe the solution you'd like
If there was some regular refresh period or a way to request a refresh of the secrets, that would be great.
Describe alternatives you've considered
Currently the simplest way using this flexvol seems to be updating pods, causing applications to restart. An alternative would be to not use flexvols here and have pods directly talk to keyvault via the same secrets used by the keyvol, then they can update at their own cadence or whenever the secrets fail to work
Describe the request When refreshing secrets in keyvault, it would be great if all the pods depending on those secrets didn't have to be restarted, and instead the secrets in the pods were updated after some delay
Explain why Key Vault FlexVolume needs it Unless I'm holding it wrong at the moment, it seems that if I were to change a password in keyvault, any pods currently using that secret would continue to have the old version reflected in the flexvol until the pod is restarted
Describe the solution you'd like If there was some regular refresh period or a way to request a refresh of the secrets, that would be great.
Describe alternatives you've considered Currently the simplest way using this flexvol seems to be updating pods, causing applications to restart. An alternative would be to not use flexvols here and have pods directly talk to keyvault via the same secrets used by the keyvol, then they can update at their own cadence or whenever the secrets fail to work
Additional context