An application running in a Kubernetes pod needs to access an external database securely. The database credentials are rotated every 24 hours. Which approach ensures that the pod always uses the current credentials without manual intervention?
Dynamically updates secrets without pod restart.
Why this answer
Option D is correct because a Secrets Store CSI driver can dynamically mount secrets from an external vault, and the application can read the updated secret from the volume without restarting the pod. Option A is incorrect because restarting daily is disruptive. Option B is valid but the CSI driver is more integrated and standard.
Option C is not a specific solution.