Company
Date Published
Author
Rosemary Wang
Word count
2428
Language
English
Hacker News points
None

Summary

A Kubernetes application can use Vault Agent to pick up secrets when they change, without refactoring its code. The application's database username and password are retrieved from a PostgreSQL secrets engine in Vault, and Vault Agent caches the credentials for faster retrieval. When the secret changes, Vault Agent sends a termination signal to the application, which shuts down and gets rescheduled by Kubernetes. If the application supports live reload, Vault Agent can instead send an HTTP POST request to the application's /actuator/refresh endpoint, which reloads the configuration live without disrupting the web server. The refresh mechanism allows for secure access to individual actuator endpoints.